Filter
Top Products
CHAPTER
6-1
Cisco ASA Series Firewall ASDM Configuration Guide
6
Configuring NAT (ASA 8.2 and Earlier)
This chapter describes Network Address Translation, and includes the following sections:
• NAT Overview, page 6-1
• Configuring NAT Control, page 6-16
• Using Dynamic NAT, page 6-17
• Using Static NAT, page 6-27
• Using NAT Exemption, page 6-33
NAT Overview
This section describes how NAT works on the ASA, and includes the following topics:
• Introduction to NAT, page 6-1
• NAT in Routed Mode, page 6-2
• NAT in Transparent Mode, page 6-3
• NAT Control, page 6-4
• NAT Types, page 6-6
• Policy NAT, page 6-11
• NAT and Same Security Level Interfaces, page 6-13
• Order of NAT Rules Used to Match Real Addresses, page 6-14
• Mapped Address Guidelines, page 6-14
• DNS and NAT, page 6-14
Introduction to NAT
Address translation substitutes the real address in a packet with a mapped address that is routable on the
destination network. NAT is composed of two steps: the process by which a real address is translated
into a mapped address, and the process to undo translation for returning traffic.
The ASA translates an address when a NAT rule matches the traffic. If no NAT rule matches, processing
for the packet continues. The exception is when you enable NAT control. NAT control requires that
packets traversing from a higher security interface (inside) to a lower security interface (outside) match
a NAT rule, or processing for the packet stops. See the “Security Levels” section on page 13-1 in the