34-7
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 34 Configuring Twice NAT (ASA 8.3 and Later)
Configuring Twice NAT
in the real and mapped service objects are identical (both TCP or both UDP). For identity NAT, you can
use the same service object for both the real and mapped ports. The “not equal” (!=) operator is not
supported.
Step 5 Choose Dynamic from the Match Criteria: Translated Packet > Source NAT Type drop-down list.
This setting only applies to the source address; the destination translation is always static.
Step 6 Identify the translated packet addresses; namely, the packet addresses as they appear on the destination
interface network (the mapped source address and the real destination address). See the following figure
for an example of the original packet vs. the translated packet.
a. You can perform either dynamic NAT or Dynamic PAT using a PAT pool:
• Dynamic NAT—For the Match Criteria: Translated Packet > Source Address, click the browse
button and choose an existing network object or group or create a new object or group from the
Browse Translated Source Address dialog box.
For dynamic NAT, you typically configure a larger group of source addresses to be mapped to a
smaller group.
[Figure: Original packet vs. translated packet. Source: Real 10.1.2.2, Mapped 192.168.2.2. Destination: Real 192.168.1.1, Mapped 10.1.1.1. Interfaces: Inside, Outside. Original Packet: 10.1.2.2 ---> 10.1.1.1. Translated Packet: 192.168.2.2 ---> 192.168.1.1.]
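The following Python model is an added example, not part of the Cisco guide and not ASA code. It applies a twice NAT rule with a dynamic source and a static destination to the packet in the figure, and shows what happens when a larger real source group is mapped to a smaller mapped group. The class and function names, the 10.1.2.0/24 real source network, and the second pool address 192.168.2.3 are assumptions made for illustration; translation timeouts are not modeled.

```python
import ipaddress

class PoolExhausted(Exception):
    """No free mapped source address is left for a new real source."""

class TwiceNatRule:
    """Simplified model: dynamic source NAT plus static destination NAT."""

    def __init__(self, real_src_net, mapped_src_pool, mapped_dst, real_dst):
        self.real_src_net = ipaddress.ip_network(real_src_net)
        self.free = [ipaddress.ip_address(a) for a in mapped_src_pool]
        self.mapped_dst = ipaddress.ip_address(mapped_dst)
        self.real_dst = ipaddress.ip_address(real_dst)
        self.xlate = {}  # real source -> mapped source currently allocated

    def translate(self, src, dst):
        """Original packet -> translated packet, or None if the rule does not match."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Twice NAT matches on source AND destination of the original packet.
        if src not in self.real_src_net or dst != self.mapped_dst:
            return None
        if src not in self.xlate:
            if not self.free:
                raise PoolExhausted(f"no mapped address left for {src}")
            self.xlate[src] = self.free.pop(0)
        # Source becomes the mapped source; destination becomes the real destination.
        return str(self.xlate[src]), str(self.real_dst)

    def untranslate(self, src, dst):
        """Reply from the real destination back to a mapped source, or None."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src != self.real_dst:
            return None
        for real, mapped in self.xlate.items():
            if mapped == dst:
                return str(self.mapped_dst), str(real)
        return None  # no translation exists for this mapped address

def demo():
    # Figure addresses; the /24 and the second pool address are constructed.
    rule = TwiceNatRule("10.1.2.0/24", ["192.168.2.2", "192.168.2.3"],
                        mapped_dst="10.1.1.1", real_dst="192.168.1.1")
    out = [rule.translate("10.1.2.2", "10.1.1.1"),
           rule.translate("10.1.2.3", "10.1.1.1"),
           rule.untranslate("192.168.1.1", "192.168.2.2")]
    try:
        rule.translate("10.1.2.4", "10.1.1.1")
    except PoolExhausted:
        out.append("exhausted")
    return out
```

The third real host finds the two-address pool empty, which is the case to plan for when sizing the mapped group or choosing a PAT pool instead.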