Configuring Network Object NAT
Examples
The following example configures static NAT for the real host 10.1.1.1 on the inside to 10.2.2.2 on the
outside with DNS rewrite enabled.
hostname(config)# object network my-host-obj1
hostname(config-network-object)# host 10.1.1.1
hostname(config-network-object)# nat (inside,outside) static 10.2.2.2 dns
The following example configures static NAT for the real host 10.1.1.1 on the inside to 2.2.2.2 on the
outside using a mapped object.
hostname(config)# object network my-mapped-obj
hostname(config-network-object)# host 10.2.2.2
hostname(config-network-object)# object network my-host-obj1
hostname(config-network-object)# host 10.1.1.1
hostname(config-network-object)# nat (inside,outside) static my-mapped-obj
The following example configures static NAT-with-port-translation for 10.1.1.1 at TCP port 21 to the
outside interface at port 2121.
hostname(config)# object network my-ftp-server
hostname(config-network-object)# host 10.1.1.1
hostname(config-network-object)# nat (inside,outside) static interface service tcp 21 2121
The following example maps an inside IPv4 network to an outside IPv6 network.
hostname(config)# object network inside_v4_v6
hostname(config-network-object)# subnet 10.1.1.0 255.255.255.0
hostname(config-network-object)# nat (inside,outside) static 2001:DB8::/96
The following example maps an inside IPv6 network to an outside IPv6 network.
hostname(config)# object network inside_v6
hostname(config-network-object)# subnet 2001:DB8:AAAA::/96
hostname(config-network-object)# nat (inside,outside) static 2001:DB8:BBBB::/96
Configuring Identity NAT
This section describes how to configure an identity NAT rule using network object NAT. For more
information, see the
Detailed Steps
Command
Step 1
(Optional) Create a network object for the
mapped addresses.
Step 2
object network obj_name
Example:
hostname(config)# object network
my-host-obj1
Cisco ASA Series CLI Configuration Guide
1-14
"Identity NAT" section on page
Purpose
The object must include the same addresses that you want to
translate. See the
Addresses" section on page
Configures a network object for which you want to perform
identity NAT, or enters object network configuration mode for an
existing network object. This network object has a different name
from the mapped network object (see
both contain the same IP addresses.
Chapter 1
Configuring Network Object NAT
1-10.
"Adding Network Objects for Mapped
1-4.
Step
1) even though they