Cisco ASA Series Firewall CLI Configuration Guide
Chapter 5: Configuring Twice NAT
Twice NAT lets you identify both the source and destination address in a single rule. This chapter shows
you how to configure twice NAT and includes the following sections:
• Information About Twice NAT
• Licensing Requirements for Twice NAT
• Prerequisites for Twice NAT
• Guidelines and Limitations
• Default Settings
• Configuring Twice NAT
• Monitoring Twice NAT
• Configuration Examples for Twice NAT
• Feature History for Twice NAT
Note: For detailed information about how NAT works, see Chapter 3, “Information About NAT.”
Information About Twice NAT
Twice NAT lets you identify both the source and destination address in a single rule. Specifying both the
source and destination addresses lets you specify that a source address should be translated to A when
going to destination X, but be translated to B when going to destination Y, for example.
Note: For static NAT, the rule is bidirectional, so be aware that “source” and “destination” are used in
commands and descriptions throughout this guide even though a given connection might originate at the
“destination” address. For example, if you configure static NAT with port address translation, and
specify the source address as a Telnet server, and you want all traffic going to that Telnet server to have
the port translated from 2323 to 23, then in the command, you must specify the source ports to be
translated (real: 23, mapped: 2323). You specify the source ports because you specified the Telnet server
address as the source address.
The destination address is optional. If you specify the destination address, you can either map it to itself
(identity NAT), or you can map it to a different address. The destination mapping is always a static
mapping.
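The two cases described above, written out as an added configuration sketch (not taken from this guide): one source network translated to address A toward destination X and to address B toward destination Y, and the Telnet server rule with real port 23 and mapped port 2323. The interface names (inside, dmz, outside), all object names, and all addresses are assumptions chosen for illustration.

```cisco
! Constructed example: object names are hypothetical, addresses are
! RFC 1918 / RFC 5737 documentation ranges.
object network INSIDE_NET
 subnet 10.1.2.0 255.255.255.0
object network DEST_X
 subnet 198.51.100.0 255.255.255.0
object network DEST_Y
 subnet 203.0.113.0 255.255.255.0
object network PAT_A
 host 192.0.2.10
object network PAT_B
 host 192.0.2.20
!
! Same real source, different mapped address depending on the destination.
! Naming the destination object twice maps it to itself (identity NAT);
! the destination mapping is always static.
nat (inside,outside) source dynamic INSIDE_NET PAT_A destination static DEST_X DEST_X
nat (inside,outside) source dynamic INSIDE_NET PAT_B destination static DEST_Y DEST_Y
!
! Telnet server case: the server is the "source" of the static rule, so the
! service objects describe source ports (real 23, mapped 2323), even though
! clients on the outside initiate the connections.
object network TELNET_SERVER
 host 10.1.3.50
object network TELNET_SERVER_MAPPED
 host 192.0.2.30
object service TELNET_REAL
 service tcp source eq 23
object service TELNET_MAPPED
 service tcp source eq 2323
nat (dmz,outside) source static TELNET_SERVER TELNET_SERVER_MAPPED service TELNET_REAL TELNET_MAPPED
```

Because the static rule is bidirectional, an outside client connecting to 192.0.2.30 on port 2323 reaches 10.1.3.50 on port 23, so access rules and logging reviews should account for the mapped port being the one exposed.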