Cisco Systems and the ASA Services Module Network Router User Manual


 
4-2
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 4 Configuring Network Object NAT
Licensing Requirements for Network Object NAT
Licensing Requirements for Network Object NAT
The following table shows the licensing requirements for this feature:
Prerequisites for Network Object NAT
Depending on the configuration, you can configure the mapped address inline if desired or you can create
a separate network object or network object group for the mapped address (the object network or
object-group network command). Network object groups are particularly useful for creating a mapped
address pool with discontinous IP address ranges or multiple hosts or subnets. To create a network object
or group, see the general operations configuration guide.
For specific guidelines for objects and groups, see the configuration section for the NAT type you want
to configure. See also the “Guidelines and Limitations” section.
Guidelines and Limitations
Context Mode Guidelines
Supported in single and multiple context mode.
Firewall Mode Guidelines
Supported in routed and transparent firewall mode.
In transparent mode, you must specify the real and mapped interfaces; you cannot use any.
In transparent mode, you cannot configure interface PAT, because the transparent mode interfaces
do not have IP addresses. You also cannot use the management IP address as a mapped address.
In transparent mode, translating between IPv4 and IPv6 networks is not supported. Translating
between two IPv6 networks, or between two IPv4 networks is supported.
IPv6 Guidelines
Supports IPv6. See also the “NAT and IPv6” section on page 3-13.
For routed mode, you can also translate between IPv4 and IPv6.
For transparent mode, translating between IPv4 and IPv6 networks is not supported. Translating
between two IPv6 networks, or between two IPv4 networks is supported.
For transparent mode, a PAT pool is not supported for IPv6.
For static NAT, you can specify an IPv6 subnet up to /64. Larger subnets are not supported.
When using FTP with NAT46, when an IPv4 FTP client connects to an IPv6 FTP server, the client
must use either the extended passive mode (EPSV) or extended port mode (EPRT); PASV and PORT
commands are not supported with IPv6.
Model License Requirement
All models Base License.