6-20
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 6 Configuring NAT (ASA 8.2 and Earlier)
Using Dynamic NAT
Figure 6-16 Different NAT IDs
Multiple Addresses in the Same Global Pool
You can have multiple addresses in the same global pool; the ASA uses the dynamic NAT ranges of
addresses first, in the order they are in the configuration, and then uses the PAT single addresses in order.
You might want to add both a range of addresses and a PAT address if you need to use dynamic NAT for
a particular application, but want to have a backup PAT rule in case all the dynamic NAT addresses are
depleted. Similarly, you might want two PAT addresses in the pool if you need more than the
approximately 64,000 PAT sessions that a single PAT mapped address supports (see Figure 6-17).
Web Server:
www.cisco.com
Outside
Inside
Global 1: 209.165.201.3-
209.165.201.10
Global 2: 209.165.201.11
NAT 1: 10.1.2.0/24
NAT 2: 192.168.1.0/24
10.1.2.27
192.168.1.14
Translation
209.165.201.310.1.2.27
Translation
209.165.201.11:4567192.168.1.14
132927