Cisco Systems ASA 5510 Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 33 Configuring Network Object NAT (ASA 8.3 and Later)
Configuring Network Object NAT
a. Do not enter a value for the Translated Addr. field; leave it blank.
b. Check the PAT Pool Translated Address check box, then click the browse button and choose an
existing network object or create a new network object from the Browse Translated PAT Pool
Address dialog box.
Note: The PAT pool object or group cannot contain a subnet.
c. (Optional) Check the Round Robin check box to assign addresses/ports in a round-robin fashion.
By default, without round robin, all ports for a PAT address are allocated before the next PAT
address is used. The round-robin method assigns one address/port from each PAT address in the pool
before returning to use the first address again, and then the second address, and so on.
d. (Optional, 8.4(3) and later, not including 8.5(1) or 8.6(1)) Check the Extend PAT uniqueness to
per destination instead of per interface check box to use extended PAT. Extended PAT uses 65535
ports per service, as opposed to per IP address, by including the destination address and port in the
translation information. Normally, the destination port and address are not considered when creating
PAT translations, so you are limited to 65535 ports per PAT address. For example, with extended
PAT, you can create a translation of 10.1.1.1:1027 when going to 192.168.1.7:23 as well as a
translation of 10.1.1.1:1027 when going to 192.168.1.7:80.
e. (Optional, 8.4(3) and later, not including 8.5(1) or 8.6(1)) Check the Translate TCP or UDP ports
into flat range (1024-65535) check box to use the 1024 to 65535 port range as a single flat range
when allocating ports. When choosing the mapped port number for a translation, the ASA uses the
real source port number if it is available. However, without this option, if the real port is not
available, by default the mapped ports are chosen from the same range of ports as the real port
number: 1 to 511, 512 to 1023, and 1024 to 65535. To avoid running out of ports at the low ranges,
configure this setting. To use the entire range of 1 to 65535, also check the Include range 1 to 1023
check box.
Step 7 (Optional, Routed Mode Only) To use the interface IP address as a backup method when the other
mapped addresses are already allocated, check the Fall through to interface PAT (dest intf) check box,
and choose the interface from the drop-down list.
Step 8 (Optional) Click Advanced, and configure the following options in the Advanced NAT Settings dialog
box.
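
The effect of the PAT pool options in substeps c through e can be seen in a small model. This is an added example, not Cisco code and not how the ASA is implemented: the class name, the scan order within a port range, the rule that the real port is preferred only when it lies in the allowed range, and the 203.0.113.x pool addresses are assumptions made for illustration.

```python
# Simplified model of PAT-pool port selection (illustrative; not ASA code).
from itertools import chain

RANGES = [(1, 511), (512, 1023), (1024, 65535)]  # default port ranges from the text

class PatPool:
    def __init__(self, addrs, round_robin=False, extended=False,
                 flat=False, include_reserve=False):
        self.addrs = list(addrs)
        self.round_robin, self.extended = round_robin, extended
        self.flat, self.include_reserve = flat, include_reserve
        self.used = set()    # uniqueness keys of active translations
        self.cursor = 0      # next pool address to try in round-robin mode

    def _range(self, real_port):
        if self.flat:        # flat range, optionally including ports 1 to 1023
            return (1 if self.include_reserve else 1024, 65535)
        return next(r for r in RANGES if r[0] <= real_port <= r[1])

    def translate(self, real_port, dst):
        """Return (mapped_addr, mapped_port), or None when the pool is exhausted."""
        lo, hi = self._range(real_port)
        # Assumption: the real port is tried first only if it is in the allowed range.
        preferred = [real_port] if lo <= real_port <= hi else []
        n = len(self.addrs)
        start = self.cursor if self.round_robin else 0
        for i in range(n):
            addr = self.addrs[(start + i) % n]
            for port in chain(preferred, range(lo, hi + 1)):
                # Extended PAT includes the destination in the uniqueness key.
                key = (addr, port, dst) if self.extended else (addr, port)
                if key not in self.used:
                    self.used.add(key)
                    self.cursor = (start + i + 1) % n
                    return addr, port
        return None  # pool exhausted; Step 7's interface PAT fallback would apply

def demo():
    pool = ["203.0.113.10", "203.0.113.11"]          # constructed pool addresses
    telnet, http = ("192.168.1.7", 23), ("192.168.1.7", 80)
    out = {}
    for name, opts in [("default", {}), ("round_robin", {"round_robin": True}),
                       ("extended", {"extended": True})]:
        p = PatPool(pool, **opts)
        out[name] = [p.translate(1027, telnet), p.translate(1027, http)]
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In the model, a single pool address without the flat range option can serve only 511 translations for real ports in the 1 to 511 range, which is the low-range exhaustion that substep e addresses.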