Filter
Top Products
5-17
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 5 Configuring Twice NAT (ASA 8.3 and Later)
Configuring Twice NAT
You can also create a new service object from the Browse Translated Service dialog box and use this
object as the mapped destination port.
Dynamic PAT does not support additional port translation. However, because the destination translation
is always static, you can perform port translation for the destination port. A service object can contain
both a source and destination port, but only the destination port is used in this case. If you specify the
source port, it will be ignored. NAT only supports TCP or UDP. When translating a port, be sure the
protocols in the real and mapped service objects are identical (both TCP or both UDP). For identity NAT,
you can use the same service object for both the real and mapped ports. The “not equal” (!=) operator is
not supported.
Step 8 (Optional) Configure NAT options in the Options area.
a. Enable rule —Enables this NAT rule. The rule is enabled by default.
b. (For a source-only rule) Translate DNS replies that match this rule—Rewrites the DNS A record in
DNS replies. Be sure DNS inspection is enabled (it is enabled by default). You cannot configure
DNS modification if you configure a destination address. See the “DNS and NAT” section on
page 3-31 for more information.
c. Description—Adds a description about the rule up to 200 characters in length.