Cisco Systems ASA 5580 Network Router User Manual


 
33-14
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 33 Configuring Network Object NAT (ASA 8.3 and Later)
Configuring Network Object NAT
Typically, you configure the same number of mapped addresses as real addresses for a one-to-one
mapping. You can, however, have a mismatched number of addresses. For more information, see the
“Static NAT” section on page 32-3.
Step 7 (Optional) Click Advanced, and configure the following options in the Advanced NAT Settings dialog box.
  • Translate DNS replies for rule—Translates the IP address in DNS replies. Be sure DNS inspection is enabled (it is enabled by default). See the “DNS and NAT” section on page 32-24 for more information.
  • Disable Proxy ARP on egress interface—Disables proxy ARP for incoming packets to the mapped IP addresses. See the “Mapped Addresses and Routing” section on page 32-22 for more information.
  • (Required for Transparent Firewall Mode) Interface:
      - Source Interface—Specifies the real interface where this NAT rule applies. By default, the rule applies to all interfaces.
      - Destination Interface—Specifies the mapped interface where this NAT rule applies. By default, the rule applies to all interfaces.
  • Service:
      - Protocol—Configures static NAT-with-port-translation. Choose tcp or udp.
      - Real Port—You can type either a port number or a well-known port name (such as “ftp”).
      - Mapped Port—You can type either a port number or a well-known port name (such as “ftp”).
  When you are finished, click OK. You return to the Add/Edit Network Object dialog box.
Step 8 Click OK, and then Apply.
Because static rules are bidirectional (allowing initiation to and from the real host), the NAT Rules table shows two rows for each static rule, one for each direction.
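
The Step 7 options are saved as keywords on the nat line of the network object, so an exported configuration can be reviewed offline. The following Python script is an added example, not part of the Cisco guide: it parses static object NAT rules, rebuilds the two per-direction rows, and lists points to check. The object names, addresses, and function names are constructed, and the assumed line form is "nat (real_if,mapped_if) static mapped [dns | service {tcp|udp} real_port mapped_port] [no-proxy-arp]".

```python
# Added example: audit static object NAT rules in an ASA 8.3+ config export.
# Assumption: rules appear in CLI form "nat (real_if,mapped_if) static <mapped> [options]".

SAMPLE_CONFIG = """\
object network WEB-SRV
 host 10.1.2.27
 nat (inside,outside) static 209.165.201.10 service tcp 80 8080
object network MAIL-SRV
 host 10.1.2.28
 nat (any,any) static 209.165.201.11 dns
object network DB-SRV
 host 10.1.2.29
 nat (dmz,outside) static 209.165.201.12 no-proxy-arp
"""  # constructed sample; names and addresses are made up

def parse_static_object_nat(config):
    """Return one dict per static object NAT rule found in the config text."""
    rules, name, real = [], None, None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["object", "network"] and len(tok) == 3:
            name, real = tok[2], None
        elif tok[:1] == ["host"] and len(tok) == 2:
            real = tok[1]
        elif len(tok) >= 4 and tok[0] == "nat" and tok[2] == "static":
            real_if, _, mapped_if = tok[1].strip("()").partition(",")
            opts, service = tok[4:], None
            if "service" in opts:  # static NAT-with-port-translation
                i = opts.index("service")
                service = tuple(opts[i + 1:i + 4])  # (protocol, real port, mapped port)
            rules.append({"object": name, "real": real, "mapped": tok[3],
                          "real_if": real_if, "mapped_if": mapped_if,
                          "service": service, "dns": "dns" in opts,
                          "proxy_arp": "no-proxy-arp" not in opts})
    return rules

def table_rows(rule):
    """Static rules are bidirectional: one row per direction, as in the NAT Rules table."""
    return [(rule["real_if"], rule["mapped_if"], "source", rule["real"], rule["mapped"]),
            (rule["mapped_if"], rule["real_if"], "destination", rule["mapped"], rule["real"])]

def review_notes(rule):
    """Points a reviewer would check for each rule."""
    notes = []
    if "any" in (rule["real_if"], rule["mapped_if"]):
        notes.append("applies to all interfaces")
    if rule["service"] is None:
        notes.append("all ports translated")
    if not rule["proxy_arp"]:
        notes.append("proxy ARP disabled")
    return notes
```

A rule flagged "proxy ARP disabled" relies on upstream routing to deliver traffic for the mapped address, and a rule flagged "all ports translated" leaves the access rules as the only control on which services of the real host are reachable.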