3-7
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 3 Information About NAT (ASA 8.3 and Later)
NAT Types
For example, you have a load balancer at 10.1.2.27. Depending on the URL requested, it redirects traffic
to the correct web server (see Figure 3-5). (See the “Inside Load Balancer with Multiple Mapped
Addresses (Static NAT, One-to-Many)” section on page 4-29 for details on how to configure this
example.)
Figure 3-5 One-to-Many Static NAT
Information About Other Mapping Scenarios (Not Recommended)
The ASA has the flexibility to allow any kind of static mapping scenario: one-to-one, one-to-many, but
also few-to-many, many-to-few, and many-to-one mappings. We recommend using only one-to-one or
one-to-many mappings. These other mapping options might result in unintended consequences.
Functionally, few-to-many is the same as one-to-many; but because the configuration is more
complicated and the actual mappings may not be obvious at a glance, we recommend creating a
one-to-many configuration for each real address that requires it. For example, for a few-to-many
scenario, the few real addresses are mapped to the many mapped addresses in order (A to 1, B to 2, C to
3). When all real addresses are mapped, the next mapped address is mapped to the first real address, and
so on until all mapped addresses are mapped (A to 4, B to 5, C to 6). This results in multiple mapped
addresses for each real address. Just like a one-to-many configuration, only the first mappings are
bidirectional; subsequent mappings allow traffic to be initiated to the real host, but all traffic from the
real host uses only the first mapped address for the source.
Host
Outside
Inside
Load Balancer
10.1.2.27
Web Servers
Undo Translation
10.1.2.27209.165.201.3
Undo Translation
10.1.2.27209.165.201.4
Undo Translation
10.1.2.27209.165.201.5
248633