Chapter 27
Configuring Network Object NAT
•
•
Configuring Network Object NAT
This section describes how to configure network object NAT to create rules for dynamic NAT, dynamic
PAT, static NAT, static NAT with port translation, and identity NAT. This section includes the following
topics:
•
•
•
•
Configuring Dynamic NAT
This section describes how to configure a dynamic NAT rule using network object NAT. For more
information, see the
Detailed Steps
You can add NAT to a new or existing network object:
Step 1
•
Figure 27-1
OL-20339-01
Objects and object groups used in NAT cannot be undefined; they must include IP addresses.
The mapped IP address pool cannot include:
The mapped interface IP address. If you specify --Any-- interface for the rule, then all interface
–
IP addresses are disallowed. For interface PAT (routed mode only), use the interface name
instead of the IP address.
–
(Transparent mode) The management IP address.
–
(Dynamic NAT) The standby interface IP address when VPN is enabled.
Existing VPN pool addresses.
–
Configuring Dynamic NAT, page 27-3
Configuring Dynamic PAT (Hide), page 27-7
Configuring Static NAT or Static NAT with Port Translation, page 27-11
Configuring Identity NAT, page 27-14
"Dynamic NAT" section on page
To add a new network object, choose Configuration > Firewall > NAT Rules, then click Add >
Add Network Object NAT Rule.
Adding a Network Object NAT Rule
26-8.
Cisco ASA 5500 Series Configuration Guide using ASDM
Configuring Network Object NAT
27-3