Cisco ASA Series Configuration Manual page 212

Firewall cli, asa services module, and the adaptive security virtual appliance

Examples for Twice NAT
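Figure 10-6 Twice NAT with Different Destination Ports
[Figure: an inside host, 10.1.2.27 on 10.1.2.0/24, reaches the Web and Telnet server 209.165.201.11 on the Internet. Telnet packets (destination 209.165.201.11:23) are translated to 209.165.202.129; web packets (destination 209.165.201.11:80) are translated to 209.165.202.130.]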
Procedure

Step 1  Add a network object for the inside network:
hostname(config)# object network myInsideNetwork
hostname(config-network-object)# subnet 10.1.2.0 255.255.255.0

Step 2  Add a network object for the Telnet/Web server:
hostname(config)# object network TelnetWebServer
hostname(config-network-object)# host 209.165.201.11

Step 3  Add a network object for the PAT address when using Telnet:
hostname(config)# object network PATaddress1
hostname(config-network-object)# host 209.165.202.129

Step 4  Add a service object for Telnet:
hostname(config)# object service TelnetObj
hostname(config-service-object)# service tcp destination eq telnet

Step 5  Configure the first twice NAT rule:
hostname(config)# nat (inside,outside) source dynamic myInsideNetwork PATaddress1 destination static TelnetWebServer TelnetWebServer service TelnetObj TelnetObj

Because you do not want to translate the destination address or port, you need to configure identity NAT for them by specifying the same address for the real and mapped destination addresses, and the same port for the real and mapped service.

Step 6  Add a network object for the PAT address when using HTTP:
hostname(config)# object network PATaddress2
hostname(config-network-object)# host 209.165.202.130
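
The Step 5 rule matches on source network, destination address, and destination port together, which is why one inside host can be given a different mapped address per service. The Python model below is an added example, not Cisco code or device output: it assumes first-match rule order, TCP only, and ignores the translated source port; the HTTP rule pairing PATaddress2 with TCP port 80 is an assumption, because the page ends before that rule is shown.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class TwiceNatRule:
    """Model of: nat (inside,outside) source dynamic <src> <pat>
    destination static <dst> <dst> service <svc> <svc>"""
    real_src: ipaddress.IPv4Network    # real source object (inside network)
    mapped_src: ipaddress.IPv4Address  # PAT address the source is hidden behind
    dst: ipaddress.IPv4Address         # identity NAT: real and mapped destination are equal
    dst_port: int                      # identity NAT: real and mapped service are equal


INSIDE = ipaddress.ip_network("10.1.2.0/24")          # myInsideNetwork
SERVER = ipaddress.ip_address("209.165.201.11")       # TelnetWebServer

RULES: List[TwiceNatRule] = [
    # Step 5 on the page: Telnet to the server uses PATaddress1.
    TwiceNatRule(INSIDE, ipaddress.ip_address("209.165.202.129"), SERVER, 23),
    # Assumed rule (not on the page): HTTP to the server uses PATaddress2.
    TwiceNatRule(INSIDE, ipaddress.ip_address("209.165.202.130"), SERVER, 80),
]


def translate(src: str, dst: str, dport: int,
              rules: List[TwiceNatRule] = RULES) -> Optional[Tuple[str, str, int]]:
    """Return (mapped source, destination, destination port) for the first
    rule that matches all three fields, or None if no modelled rule applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in rule.real_src and d == rule.dst and dport == rule.dst_port:
            # Only the source changes; destination and port pass through.
            return (str(rule.mapped_src), dst, dport)
    return None


if __name__ == "__main__":
    # Constructed sample flows from the host shown in Figure 10-6.
    for port in (23, 80, 443):
        print(port, translate("10.1.2.27", "209.165.201.11", port))
```

A `None` result means neither modelled rule applies, so that flow would be handled by whatever other NAT rules exist on the device.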
Cisco ASA Series Firewall CLI Configuration Guide, Chapter 10: NAT Examples and Reference
