Filter
Top Products
4-9
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 4 Configuring Network Object NAT
Configuring Network Object NAT
Step 4
nat [(real_ifc,mapped_ifc)] dynamic
{mapped_inline_host_ip | mapped_obj |
pat-pool mapped_obj [round-robin]
[extended] [flat [include-reserve]] |
interface [ipv6]} [interface [ipv6]] [dns]
Example:
ciscoasa(config-network-object)# nat
(any,outside) dynamic interface
Configures dynamic PAT for the object IP addresses. You can
only define a single NAT rule for a given object. See the
“Additional Guidelines” section on page 4-3.
See the following guidelines:
• Interfaces—(Required for transparent mode) Specify the real
and mapped interfaces. Be sure to include the parentheses in
your command. In routed mode, if you do not specify the real
and mapped interfaces, all interfaces are used; you can also
specify the keyword any for one or both of the interfaces.
• Mapped IP address—You can specify the mapped IP address
as:
–
An inline host address.
–
An existing network object that is defined as a host
address (see Step 1).
–
pat-pool—An existing network object or group that
contains multiple addresses.
–
interface—(Routed mode only) The IP address of the
mapped interface is used as the mapped address. If you
specify ipv6, then the IPv6 address of the interface is
used. For this option, you must configure a specific
interface for the mapped_ifc. You must use this keyword
when you want to use the interface IP address; you
cannot enter it inline or as an object.
• For a PAT pool, you can specify one or more of the following
options:
–
Round robin—The round-robin keyword enables
round-robin address allocation for a PAT pool. Without
round robin, by default all ports for a PAT address will be
allocated before the next PAT address is used. The
round-robin method assigns an address/port from each
PAT address in the pool before returning to use the first
address again, and then the second address, and so on.
(continued)
Command Purpose