Cisco ASA Series CLI Configuration Manual page 788

Software version 9.0 for the services module

Chapter 1 Configuring Network Object NAT

- If you enable extended PAT for a dynamic PAT rule, then you cannot also use an address in the PAT pool as the PAT address in a separate static NAT-with-port-translation rule. For example, if the PAT pool includes 10.1.1.1, then you cannot create a static NAT-with-port-translation rule using 10.1.1.1 as the PAT address.
- If you use a PAT pool and specify an interface for fallback, you cannot specify extended PAT.
- For VoIP deployments that use ICE or TURN, do not use extended PAT. ICE and TURN rely on the PAT binding to be the same for all destinations.

For round robin for a PAT pool:

- If a host has an existing connection, then subsequent connections from that host will use the same PAT IP address if ports are available. Note: This "stickiness" does not survive a failover. If the ASA fails over, then subsequent connections from a host may not use the initial IP address.
- Round robin, especially when combined with extended PAT, can consume a large amount of memory. Because NAT pools are created for every mapped protocol/IP address/port range, round robin results in a large number of concurrent NAT pools, which use memory. Extended PAT results in an even larger number of concurrent NAT pools.

Detailed Steps

Step 1
Command: (Optional) Create a network object or group for the mapped addresses.
Purpose: See the "Adding Network Objects for Mapped Addresses" section on page 1-4.

Step 2
Command: object network obj_name
Example: hostname(config)# object network my-host-obj1
Purpose: Configures a network object for which you want to configure NAT, or enters object network configuration mode for an existing network object.

Step 3
Command: {host ip_address | subnet subnet_address netmask | range ip_address_1 ip_address_2}
Example: hostname(config-network-object)# range 10.1.1.1 10.1.1.90
Purpose: If you are creating a new network object, defines the real IP address(es) (either IPv4 or IPv6) that you want to translate.
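
The two extended PAT restrictions in the guidelines on this page can be checked in a candidate configuration before it is deployed. The following Python linter is an added example, not code from the Cisco guide. It assumes object NAT rules written with the pat-pool, extended, interface, static and service keywords (ASA syntax that is not shown on this page), handles network objects only, and runs on a constructed sample with hypothetical object names.

```python
from ipaddress import ip_address, ip_network

# Constructed sample config (not from the guide); object names are hypothetical.
SAMPLE = """\
object network pat-pool-obj
 range 10.1.1.1 10.1.1.90
object network inside-net
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic pat-pool pat-pool-obj extended interface
object network web-srv
 host 192.168.1.10
 nat (inside,outside) static 10.1.1.1 service tcp 8080 80
"""

def parse(config):
    """Map each 'object network' name to its tokenized sub-commands."""
    objs, cur = {}, None
    for line in config.splitlines():
        if line.startswith("object network "):
            cur = objs.setdefault(line.split()[2], [])
        elif cur is not None and line[:1] == " " and line.strip():
            cur.append(line.split())
        else:
            cur = None
    return objs

def covers(tokens, addr):
    """True if a host/subnet/range definition includes addr."""
    kind, *args = tokens
    try:
        ip = ip_address(addr)
        if kind == "subnet":
            return ip in ip_network("/".join(args), strict=False)
        return kind in ("host", "range") and ip_address(args[0]) <= ip <= ip_address(args[-1])
    except (ValueError, TypeError):
        return False  # mapped address is an object name, or IPv4/IPv6 mismatch

def audit(config):
    """Return (object, issue) pairs for the two extended PAT restrictions."""
    objs, out = parse(config), []
    nats = [(n, t) for n, cmds in objs.items() for t in cmds if t[0] == "nat"]
    ext = [(n, t) for n, t in nats if "pat-pool" in t and "extended" in t]
    pool = [d for _, t in ext for d in objs.get(t[t.index("pat-pool") + 1], [])]
    out += [(n, "extended PAT with interface fallback") for n, t in ext if "interface" in t]
    for n, t in nats:
        if "static" in t and "service" in t:
            mapped = t[t.index("static") + 1]
            if any(covers(d, mapped) for d in pool):
                out.append((n, f"{mapped} is in an extended PAT pool"))
    return out
```

Calling audit(SAMPLE) flags inside-net for combining extended PAT with interface fallback and web-srv for reusing 10.1.1.1, which lies inside the extended PAT pool range.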