Filter
Top Products
5-28
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 5 Configuring Twice NAT (ASA 8.3 and Later)
Configuring Twice NAT
For identity NAT for the destination address, simply use the same object or group for both the real
and mapped addresses.
If you want to translate the destination address, then the static mapping is typically one-to-one, so
the real addresses have the same quantity as the mapped addresses. You can, however, have different
quantities if desired. For more information, see the “Static NAT” section on page 3-3. See the
“Guidelines and Limitations” section on page 5-2 for information about disallowed mapped IP
addresses.
For static interface NAT with port translation only, choose an interface. If you specify an interface,
be sure to also configure a a service translation. For more information, see the “Static Interface NAT
with Port Translation” section on page 3-6.
Step 7 (Optional) Identify the translated packet source or destination port (the mapped source port or the real
destination port). For the Match Criteria: Translated Packet > Service, click the browse button and
choose an existing TCP or UDP service object or create a new object from the Browse Translated Service
dialog box.
A service object can contain both a source and destination port. You should specify either the source or
the destination port for both service objects. You should only specify both the source and destination
ports if your application uses a fixed source port (such as some DNS servers); but fixed source ports are
rare. In the rare case where you specify both the source and destination ports in the object, the original
packet service object contains the real source port/mapped destination port; the translated packet service
object contains the mapped source port/real destination port. NAT only supports TCP or UDP. When
translating a port, be sure the protocols in the real and mapped service objects are identical (both TCP
or both UDP). For identity NAT, you can use the same service object for both the real and mapped ports.
The “not equal” (!=) operator is not supported.
Step 8 (Optional) Configure NAT options in the Options area.