Cisco ASA 5505 User Manual

31-17

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 31 Configuring Twice NAT

Configuring Twice NAT

Step 5

(Optional)

object service

obj_name

service

{tcp | udp} [source operator

port] [destination operator port]

Example:

hostname(config)# object service

REAL_SRC_SVC

hostname(config-service-object)# service

tcp source eq 80

hostname(config)# object service

MAPPED_SRC_SVC

hostname(config-service-object)# service

tcp source eq 8080

Configure service objects for:

•

Source or destination real port

•

Source or destination mapped port

A service object can contain both a source and destination port;
however, you should specify either the source or the destination
port for both service objects. You should only specify both the
source and destination ports if your application uses a fixed
source port (such as some DNS servers); but fixed source ports are
rare. NAT only supports TCP or UDP. When translating a port, be
sure the protocols in the real and mapped service objects are
identical (both TCP or both UDP). For identity NAT, you can use
the same service object for both the real and mapped ports. The
“not equal” (neq) operator is not supported.

For example, if you want to translate the port for the source host,
then configure the source service.

Command

Purpose