4-2
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later)
Licensing Requirements for Network Object NAT
Network object NAT rules are added to section 2 of the NAT rules table. For more information about
NAT ordering, see the “NAT Rule Order” section on page 3-20.
Licensing Requirements for Network Object NAT
The following table shows the licensing requirements for this feature:
Prerequisites for Network Object NAT
Depending on the configuration, you can configure the mapped address inline if desired or you can create
a separate network object or network object group for the mapped address. Network object groups are
particularly useful for creating a mapped address pool with discontinous IP address ranges or multiple
hosts or subnets. To create a network object or group, see the “Configuring Network Objects and
Groups” section on page 20-2 in the general operations configuration guide.
For specific guidelines for objects and groups, see the configuration section for the NAT type you want
to configure. See also the “Guidelines and Limitations” section.
Guidelines and Limitations
Context Mode Guidelines
Supported in single and multiple context mode.
Firewall Mode Guidelines
• Supported in routed and transparent firewall mode.
• In transparent mode, you must specify the real and mapped interfaces; you cannot use --Any--.
• In transparent mode, you cannot configure interface PAT, because the transparent mode interfaces
do not have IP addresses. You also cannot use the management IP address as a mapped address.
• In transparent mode, translating between IPv4 and IPv6 networks is not supported. Translating
between two IPv6 networks, or between two IPv4 networks is supported.
IPv6 Guidelines
• Supports IPv6. See also the “NAT and IPv6” section on page 3-15.
• For routed mode, you can also translate between IPv4 and IPv6.
• For transparent mode, translating between IPv4 and IPv6 networks is not supported. Translating
between two IPv6 networks, or between two IPv4 networks is supported.
• For transparent mode, a PAT pool is not supported for IPv6.
• For static NAT, you can specify an IPv6 subnet up to /64. Larger subnets are not supported.
Model License Requirement
All models Base License.