3-10
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 3 Information About NAT
NAT in Routed and Transparent Mode
Identity NAT
You might have a NAT configuration in which you need to translate an IP address to itself. For example,
if you create a broad rule that applies NAT to every network, but want to exclude one network from NAT,
you can create a static NAT rule to translate an address to itself. Identity NAT is necessary for remote
access VPN, where you need to exempt the client traffic from NAT.
Figure 3-8 shows a typical identity NAT scenario.
Figure 3-8 Identity NAT
NAT in Routed and Transparent Mode
You can configure NAT in both routed and transparent firewall mode. This section describes typical
usage for each firewall mode and includes the following topics:
• NAT in Routed Mode, page 3-11
• NAT in Transparent Mode, page 3-11
209.165.201.1 209.165.201.1
Inside Outside
209.165.201.2 209.165.201.2
130036
Security
Appliance