4-23
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 4 Configuring Network Object NAT
Configuration Examples for Network Object NAT
Step 5 Create a network object for the SMTP server address:
ciscoasa(config)# object network SMTP_SERVER
Step 6 Define the SMTP server address, and configure static NAT with identity port translation for the SMTP
server:
ciscoasa(config-network-object)# host 10.1.2.29
ciscoasa(config-network-object)# nat (inside,outside) static 209.165.201.3 service tcp
smtp smtp
DNS Server on Mapped Interface, Web Server on Real Interface (Static NAT
with DNS Modification)
For example, a DNS server is accessible from the outside interface. A server, ftp.cisco.com, is on the
inside interface. You configure the ASA to statically translate the ftp.cisco.com real address (10.1.3.14)
to a mapped address (209.165.201.10) that is visible on the outside network. (See Figure 4-5.) In this
case, you want to enable DNS reply modification on this static rule so that inside users who have access
to ftp.cisco.com using the real address receive the real address from the DNS server, and not the mapped
address.
