Cisco ASA Series Cli Configuration Manual page 838

Configuration Examples for Twice NAT
By default, the NAT rule is added to the end of section 1 of the NAT table, See the
PAT (Hide)" section on page 1-11
the NAT rule.
Step 5
Add a network object for the DMZ network 2:
hostname(config)# object network DMZnetwork2
hostname(config-network-object)# subnet 209.165.200.224 255.255.255.224
Step 6
Add a network object for the PAT address:
hostname(config)# object network PATaddress2
hostname(config-network-object)# host 209.165.202.130
Step 7
Configure the second twice NAT rule:
hostname(config)# nat (inside,dmz) source dynamic myInsideNetwork PATaddress2 destination
static DMZnetwork2 DMZnetwork2
Different Translation Depending on the Destination Address and Port
(Dynamic PAT)
Figure 1-2
a single host for both web services and Telnet services. When the host accesses the server for Telnet
services, the real address is translated to 209.165.202.129:port. When the host accesses the same server
for web services, the real address is translated to 209.165.202.130:port.
Figure 1-2
10.1.2.27:80
Step 1
Add a network object for the inside network:
Cisco ASA Series CLI Configuration Guide
1-26
for more information about specifying the section and line number for
shows the use of source and destination ports. The host on the 10.1.2.0/24 network accesses
Twice NAT with Different Destination Ports
Web and Telnet server:
209.165.201.11
Internet
Translation
209.165.202.129
Web Packet
Dest. Address:
209.165.201.11:80
10.1.2.27
Translation
10.1.2.27:23
Inside
10.1.2.0/24
Telnet Packet
Dest. Address:
209.165.201.11:23
Chapter 1 Configuring Twice NAT
"Configuring Dynamic
209.165.202.130