Chapter 10
NAT Examples and Reference
Add a service object for HTTP:
Step 7
hostname(config)# object service HTTPObj
hostname(config-network-object)# service tcp destination eq http
Configure the second twice NAT rule:
Step 8
hostname(config)# nat (inside,outside) source dynamic myInsideNetwork PATaddress2
destination static TelnetWebServer TelnetWebServer service HTTPObj HTTPObj
Example: Twice NAT with Destination Address Translation
The following figure shows a remote host connecting to a mapped host. The mapped host has a twice
static NAT translation that translates the real address only for traffic to and from the 209.165.201.0/27
network. A translation does not exist for the 209.165.200.224/27 network, so the translated host cannot
connect to that network, nor can a host on that network connect to the translated host.
Figure 10-7
NAT in Routed and Transparent Mode
You can configure NAT in both routed and transparent firewall mode. This section describes typical
usage for each firewall mode.
•
•
Twice Static NAT with Destination Address Translation
209.165.201.11
209.165.201.0/27
Undo Translation
209.165.202.128
10.1.2.27
NAT in Routed Mode, page 10-10
NAT in Transparent Mode, page 10-10
209.165.200.225
209.165.200.224/27
DMZ
Inside
10.1.2.0/27
10.1.2.27
Cisco ASA Series Firewall CLI Configuration Guide
NAT in Routed and Transparent Mode
No Translation
10-9