Cisco ASA 5505 User Manual
Page 620
 
31-14
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 31 Configuring Twice NAT
Configuring Twice NAT
(continued)
•
Destination addresses (Optional):
–
Mapped—Specify a network object or group, or for static 
interface NAT with port translation only (routed mode), 
specify the interface keyword (see 
). If you
specify interface, be sure to also configure the service 
keyword. For this option, you must configure a specific 
interface for the real_ifc. See the 
with Port Translation” section on page 29-5
information.
–
Real—Specify a network object or group (see
For identity NAT, simply use the same object or group for 
both the real and mapped addresses.
•
Destination port—(Optional) Specify the service keyword 
along with the real and mapped service objects (see 
For identity port translation, simply use the same service 
object for both the real and mapped ports.
•
DNS—(Optional; for a source-only rule) The dns keyword 
translates DNS replies. Be sure DNS inspection is enabled (it 
is enabled by default). You cannot configure the dns keyword 
if you configure a destination address. See the 
for more information.
•
Inactive—(Optional) To make this rule inactive without 
having to remove the command, use the inactive keyword. To 
reactivate it, reenter the whole command without the inactive 
keyword.
•
Description—(Optional) Provide a description up to 200 
characters using the description keyword.
Command
Purpose