Cisco Systems ASA 5505 Webcam User Manual


 
4-18
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later)
Configuring Network Object NAT
Configuring Per-Session PAT Rules
By default, all TCP PAT traffic and all UDP DNS traffic uses per-session PAT. To use multi-session PAT
for specific traffic, you can configure per-session PAT rules: traffic that matches a permit rule uses
per-session PAT, and traffic that matches a deny rule uses multi-session PAT. For more information about
per-session vs. multi-session PAT, see the
“Per-Session PAT vs. Multi-Session PAT (Version 9.0(1) and Later)” section on page 3-11.
Defaults
By default, the following rules are installed:
Permit TCP from any (IPv4 and IPv6) to any (IPv4 and IPv6)
Permit UDP from any (IPv4 and IPv6) to domain
These rules do not appear in the rule table.
Note: You cannot remove these rules, and they are always placed after any manually created rules. Because
rules are evaluated in order, a manually created rule that matches the same traffic overrides the default
rules. For example, to completely negate these rules, you could add the following:
Deny TCP from any (IPv4 and IPv6) to any (IPv4 and IPv6)
Deny UDP from any (IPv4 and IPv6) to domain
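The ordering described in the note can be checked offline with a small first-match model. This is an added example, not code from Cisco or the ASA: the Rule type, the pat_mode function, the sample addresses and port 1720 are constructed for illustration, and it assumes that traffic matching no rule is treated as multi-session PAT.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "permit" -> per-session PAT, "deny" -> multi-session PAT
    proto: str             # "tcp" or "udp"
    src: Optional[str]     # CIDR string, or None for any (IPv4 and IPv6)
    dst: Optional[str]     # CIDR string, or None for any (IPv4 and IPv6)
    dport: Optional[int]   # destination port, or None for any port

# The two built-in rules from the Defaults list ("domain" is port 53).
DEFAULT_RULES = [
    Rule("permit", "tcp", None, None, None),
    Rule("permit", "udp", None, None, 53),
]

def _in_net(addr, net):
    """True if addr falls inside net; None means any address of either family."""
    if net is None:
        return True
    ip = ipaddress.ip_address(addr)
    network = ipaddress.ip_network(net)
    return ip.version == network.version and ip in network

def matches(rule, proto, src, dst, dport):
    return (rule.proto == proto
            and _in_net(src, rule.src)
            and _in_net(dst, rule.dst)
            and rule.dport in (None, dport))

def pat_mode(manual_rules, proto, src, dst, dport):
    """Return 'per-session' or 'multi-session' for one flow; first match wins."""
    # Manually created rules are evaluated first; the defaults always come last.
    for rule in list(manual_rules) + DEFAULT_RULES:
        if matches(rule, proto, src, dst, dport):
            return "per-session" if rule.action == "permit" else "multi-session"
    return "multi-session"  # assumption: unmatched traffic is not per-session

# Constructed rule sets: the full negation from the note, and one narrow exception.
NEGATE_DEFAULTS = [
    Rule("deny", "tcp", None, None, None),
    Rule("deny", "udp", None, None, 53),
]
ONE_EXCEPTION = [Rule("deny", "tcp", "10.1.1.0/24", None, 1720)]
```

With ONE_EXCEPTION, only TCP flows from 10.1.1.0/24 to port 1720 switch to multi-session PAT; every other TCP flow still falls through to the default permit rule.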
Detailed Steps
Step 1 Choose Configuration > Firewall > Advanced > Per-Session NAT Rules, and click Add > Add
Per-Session NAT Rule.
Step 2 Click Permit or Deny.