Cisco Systems ASA Services Module Webcam User Manual


 
4-46
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later)
Feature History for Network Object NAT
PAT pool and round robin address assignment 8.4(2)/8.5(1) You can now specify a pool of PAT addresses instead of a
single address. You can also optionally enable round-robin
assignment of PAT addresses instead of first using all ports
on a PAT address before using the next address in the pool.
These features help prevent a large number of connections
from a single PAT address from appearing to be part of a
DoS attack and makes configuration of large numbers of
PAT addresses easy.
We modified the following screens: Configuration >
Firewall > NAT Rules > Add/Edit Network Object.
Round robin PAT pool allocation uses the same
IP address for existing hosts
8.4(3) When using a PAT pool with round robin allocation, if a host
has an existing connection, then subsequent connections
from that host will use the same PAT IP address if ports are
available.
We did not modify any screens.
This feature is not available in 8.5(1) or 8.6(1).
Flat range of PAT ports for a PAT pool 8.4(3) If available, the real source port number is used for the
mapped port. However, if the real port is not available, by
default the mapped ports are chosen from the same range of
ports as the real port number: 0 to 511, 512 to 1023, and
1024 to 65535. Therefore, ports below 1024 have only a
small PAT pool.
If you have a lot of traffic that uses the lower port ranges,
when using a PAT pool, you can now specify a flat range of
ports to be used instead of the three unequal-sized tiers:
either 1024 to 65535, or 1 to 65535.
We modified the following screens: Configuration >
Firewall > NAT Rules > Add/Edit Network Object.
This feature is not available in 8.5(1) or 8.6(1).
Extended PAT for a PAT pool 8.4(3) Each PAT IP address allows up to 65535 ports. If 65535
ports do not provide enough translations, you can now
enable extended PAT for a PAT pool. Extended PAT uses
65535 ports per service, as opposed to per IP address, by
including the destination address and port in the translation
information.
We modified the following screens: Configuration >
Firewall > NAT Rules > Add/Edit Network Object.
This feature is not available in 8.5(1) or 8.6(1).
Table 4-1 Feature History for Network Object NAT (continued)
Feature Name
Platform
Releases Feature Information