Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 30 Configuring Network Object NAT

Configuration Examples for Network Object NAT

When an inside host sends a DNS request for the address of ftp.cisco.com, the DNS server replies with
the mapped address (209.165.201.10). The ASA refers to the static rule for the inside server and
translates the address inside the DNS reply to 10.1.3.14. If you do not enable DNS reply modification,
then the inside host attempts to send traffic to 209.165.201.10 instead of accessing ftp.cisco.com
directly.

Figure 30-5 DNS Reply Modification

Step 1

Create a network object for the FTP server address:

hostname(config)# object network FTP_SERVER

Step 2

Define the FTP server address, and configure static NAT with DNS modification:

hostname(config-network-object)# host 10.1.3.14

hostname(config-network-object)# nat (inside,outside) static 209.165.201.10 dns

[Figure 30-5 labels: DNS Server; Outside; Inside; User; Security Appliance; ftp.cisco.com 10.1.3.14, Static Translation on Outside to: 209.165.201.10. Flow labels: DNS Query ftp.cisco.com?; DNS Reply 209.165.201.10; DNS Reply Modification 209.165.201.10 to 10.1.3.14; DNS Reply 10.1.3.14; FTP Request 10.1.3.14.]
