Cisco ASA 5505 Configuration Manual page 518

NAT Interfaces
The resultant ordering would be:
NAT Interfaces
You can configure a NAT rule to apply to any interface, or you can identify specific real and mapped
interfaces. You can also specify any interface for the real address, and a specific interface for the mapped
address, or vice versa.
For example, you might want to specify any interface for the real address and specify the outside
interface for the mapped address if you use the same private addresses on multiple interfaces, and you
want to translate them all to the same global pool when accessing the outside
Figure 26-17
10.1.2.0
Mapped Address Guidelines
When you translate the real address to a mapped address, you can use the following mapped addresses:
•
Cisco ASA 5500 Series Configuration Guide using ASDM
26-20
192.168.1.1/32 (static)
10.1.1.0/24 (static)
192.168.1.0/24 (static)
172.16.1.0/24 (dynamic) (object abc)
172.16.1.0/24 (dynamic) (object def)
192.168.1.0/24 (dynamic)
Specifying Any Interface
209.165.201.1:xxxx
10.1.2.0
any
Eng
Addresses on the same network as the mapped interface.
If you use addresses on the same network as the mapped interface (through which traffic exits the
adaptive security appliance), the adaptive security appliance uses proxy ARP to answer any requests
for mapped addresses, and thus it intercepts traffic destined for a real address. This solution
simplifies routing because the adaptive security appliance does not have to be the gateway for any
additional networks. However, this approach does put a limit on the number of available addresses
used for translations.
For PAT, you can even use the IP address of the mapped interface.
Outside
Security
Appliance
10.1.2.0 10.1.2.0
Mktg HR
Chapter 26 Information About NAT
(Figure 26-17).
OL-20339-01