Cisco Systems ASA 5500 Network Router User Manual

  Open as PDF
of 1994
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 31 Configuring Twice NAT
Configuring Twice NAT
Configuring Static NAT or Static NAT-with-Port-Translation
This section describes how to configure a static NAT rule using twice NAT. For more information about
static NAT, see the “Static NAT” section on page 29-3.
Detailed Steps
Command Purpose
Step 1
Network object:
object network obj_name
{host ip_address | subnet
subnet_address netmask | range
ip_address_1 ip_address_2}
Network object group:
object-group network grp_name
{network-object {object net_obj_name |
subnet_address netmask |
host ip_address} |
group-object grp_obj_name}
hostname(config)# object network MyInsNet
hostname(config-network-object)# subnet
Configure the real source addresses.
You can configure either a network object or a network object
group. For more information, see the “Configuring Objects”
section on page 13-3.
Step 2
Network object:
object network obj_name
{host ip_address | subnet
subnet_address netmask | range
ip_address_1 ip_address_2}
Network object group:
object-group network grp_name
{network-object {object net_obj_name |
subnet_address netmask |
host ip_address} |
group-object grp_obj_name}
hostname(config)# object network
hostname(config-network-object)# subnet
Configure the mapped source addresses.
You can configure either a network object or a network object
group. For static NAT, the mapping is typically one-to-one, so the
real addresses have the same quantity as the mapped addresses.
You can, however, have different quantities if desired. For more
information, see the “Static NAT” section on page 29-3.
For static interface NAT with port translation (routed mode only),
you can skip this step and specify the interface keyword instead
of a network object/group for the mapped address. For more
information, see the “Static Interface NAT with Port Translation”
section on page 29-5.
See the “Guidelines and Limitations” section on page 31-2 for
information about disallowed mapped IP addresses.