Cisco ASA 5505 User Manual

Page 598

Advertising
background image

30-16

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 30 Configuring Network Object NAT

Configuration Examples for Network Object NAT

Step 3

Configure static NAT for the object:

hostname(config-network-object)# nat (inside,outside) static 209.165.201.10

NAT for Inside Hosts (Dynamic NAT) and NAT for an Outside Web Server
(Static NAT)

The following example configures dynamic NAT for inside users on a private network when they access
the outside. Also, when inside users connect to an outside web server, that web server address is
translated to an address that appears to be on the inside network. (See

Figure 30-2

).

Figure 30-2

Dynamic NAT for Inside, Static NAT for Outside Web Server

Step 1

Create a network object for the dynamic NAT pool to which you want to translate the inside addresses:

hostname(config)# object network myNatPool

hostname(config-network-object)# range 209.165.201.20 209.165.201.30

Step 2

Create a network object for the inside network:

hostname(config)# object network myInsNet

hostname(config-network-object)# subnet 10.1.2.0 255.255.255.0

Step 3

Enable dynamic NAT for the inside network:

hostname(config-network-object)# nat (inside,outside) dynamic myNatPool

Outside

Inside

10.1.2.1

209.165.201.1

Security
Appliance

myInsNet
10.1.2.0/24

Web Server
209.165.201.12

209.165.201.12

10.1.2.20

24

8

77

3

Undo Translation

10.1.2.10

209.165.201.20

Translation

Advertising