CHAPTER
21-1
Cisco ASDM User Guide
OL-16647-01
21
Configuring NAT
This chapter describes Network Address Translation, and includes the following sections:
• NAT Overview, page 21-1
• Configuring NAT Control, page 21-15
• Using Dynamic NAT, page 21-16
• Using Static NAT, page 21-26
• Using NAT Exemption, page 21-32
NAT Overview
This section describes how NAT works on the security appliance, and includes the following topics:
• Introduction to NAT, page 21-1
• NAT Control, page 21-4
• NAT Types, page 21-6
• Policy NAT, page 21-10
• NAT and Same Security Level Interfaces, page 21-12
• Order of NAT Rules Used to Match Real Addresses, page 21-13
• Mapped Address Guidelines, page 21-13
• DNS and NAT, page 21-13
Introduction to NAT
Address translation substitutes the real address in a packet with a mapped address that is routable on the
destination network. NAT is composed of two steps: the process by which a real address is translated
into a mapped address, and the process to undo translation for returning traffic.
The security appliance translates an address when a NAT rule matches the traffic. If no NAT rule
matches, processing for the packet continues. The exception is when you enable NAT control.
NAT control requires that packets traversing from a higher security interface (inside) to a lower security
interface (outside) match a NAT rule, or processing for the packet stops. See the “Default Security Level”
section on page 7-4 for more information about security levels. See the “NAT Control” section on
page 21-4 for more information about NAT control.