CHAPTER
4-1
Cisco ASA Series Firewall ASDM Configuration Guide
4
Configuring Network Object NAT (ASA 8.3 and
Later)
All NAT rules that are configured as a parameter of a network object are considered to be network object
NAT rules. Network object NAT is a quick and easy way to configure NAT for a single IP address, a range
of addresses, or a subnet. After you configure the network object, you can then identify the mapped
address for that object.
This chapter describes how to configure network object NAT, and it includes the following sections:
• Information About Network Object NAT, page 4-1
• Licensing Requirements for Network Object NAT, page 4-2
• Prerequisites for Network Object NAT, page 4-2
• Guidelines and Limitations, page 4-2
• Default Settings, page 4-3
• Configuring Network Object NAT, page 4-4
• Monitoring Network Object NAT, page 4-20
• Configuration Examples for Network Object NAT, page 4-21
• Feature History for Network Object NAT, page 4-46
Note For detailed information about how NAT works, see Chapter 3, “Information About NAT (ASA 8.3 and
Later).”
Information About Network Object NAT
When a packet enters the ASA, both the source and destination IP addresses are checked against the
network object NAT rules. The source and destination address in the packet can be translated by separate
rules if separate matches are made. These rules are not tied to each other; different combinations of rules
can be used depending on the traffic.
Because the rules are never paired, you cannot specify that a source address should be translated to A
when going to destination X, but be translated to B when going to destination Y. Use twice NAT for that
kind of functionality (twice NAT lets you identify the source and destination address in a single rule).
For detailed information about the differences between twice NAT and network object NAT, see the
“How NAT is Implemented” section on page 3-15.