Cisco ASA 5505 User Manual

Page 606


30-24

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 30 Configuring Network Object NAT

Feature History for Network Object NAT

Table 30-1 Feature History for Network Object NAT (continued)

Feature Name: Extended PAT for a PAT pool
Platform Releases: 8.4(3)
Feature Information:
Each PAT IP address allows up to 65535 ports. If 65535 ports do not provide enough translations, you can now enable extended PAT for a PAT pool. Extended PAT uses 65535 ports per service, as opposed to per IP address, by including the destination address and port in the translation information.

We modified the following command: nat dynamic [pat-pool mapped_object [extended]].

This feature is not available in 8.5(1) or 8.6(1).

Feature Name: Automatic NAT rules to translate a VPN peer's local IP address back to the peer's real IP address
Platform Releases: 8.4(3)
Feature Information:
In rare situations, you might want to use a VPN peer's real IP address on the inside network instead of an assigned local IP address. Normally with VPN, the peer is given an assigned local IP address to access the inside network. However, you might want to translate the local IP address back to the peer's real public IP address if, for example, your inside servers and network security policy are based on the peer's real IP address.

You can enable this feature on one interface per tunnel group. Object NAT rules are dynamically added and deleted when the VPN session is established or disconnected. You can view the rules using the show nat command.

Note: Because of routing issues, we do not recommend using this feature unless you know you need it; contact Cisco TAC to confirm feature compatibility with your network. See the following limitations:

- Only supports Cisco IPsec and AnyConnect Client.
- Return traffic to the public IP addresses must be routed back to the ASA so the NAT policy and VPN policy can be applied.
- Does not support load balancing (because of routing issues).
- Does not support roaming (public IP changing).

We introduced the following command: nat-assigned-to-public-ip interface (tunnel-group general-attributes configuration mode).
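The following configuration is an added example for the two 8.4(3) features in the table above; it is not taken from the Cisco guide. The object names (PAT-POOL, INSIDE-NET), the addresses, the interface names (inside, outside) and the tunnel-group name (RA-VPN) are assumptions chosen for illustration; only the command keywords come from the feature descriptions above.

```cisco
! Added example, not from the Cisco guide. Object names, addresses,
! interface names and the tunnel-group name are assumptions.
!
! --- Extended PAT for a PAT pool (8.4(3)) ---
! Mapped pool of two public addresses. Without "extended", each address
! offers at most 65535 ports in total. With "extended", the destination
! address and port become part of the translation, so each address offers
! up to 65535 ports per destination service instead.
object network PAT-POOL
 range 203.0.113.10 203.0.113.11
!
object network INSIDE-NET
 subnet 10.1.1.0 255.255.255.0
 nat (inside,outside) dynamic pat-pool PAT-POOL extended
!
! --- Translate a VPN peer's assigned local IP back to its real IP (8.4(3)) ---
! Allowed on one interface per tunnel group. The object NAT rules are added
! when the VPN session is established and removed when it disconnects.
tunnel-group RA-VPN general-attributes
 nat-assigned-to-public-ip inside
!
! Verification from EXEC mode:
!   show nat     - shows the configured rules plus the dynamically added VPN rules
!   show xlate   - shows the active translations, including extended PAT entries
```

Two practitioner caveats follow directly from the feature descriptions. With extended PAT, a mapped address and port no longer identify a single inside host, because the same mapped port can be reused for flows to different destinations; when correlating an external log entry back to an inside host, match on the full 5-tuple (mapped address, mapped port, destination address, destination port, protocol) rather than on the mapped address and port alone. With nat-assigned-to-public-ip, inside hosts must route traffic for the peer's real public address back through the ASA (for example, via a default route pointing at the ASA inside interface); if an inside router sends that traffic elsewhere, neither the NAT rule nor the VPN policy is applied and the session breaks, which is the routing issue the note above warns about.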
