Dynamic NAT; About Dynamic NAT - Cisco ASA Series Configuration Manual

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance

Dynamic NAT
The following topics explain dynamic NAT and how to configure it.
- About Dynamic NAT
- Configure Dynamic Network Object NAT
- Configure Dynamic Twice NAT

About Dynamic NAT

Dynamic NAT translates a group of real addresses to a pool of mapped addresses that are routable on the
destination network. The mapped pool typically includes fewer addresses than the real group. When a
host you want to translate accesses the destination network, the ASA assigns the host an IP address from
the mapped pool. The translation is created only when the real host initiates the connection. The
translation is in place only for the duration of the connection, and a given user does not keep the same
IP address after the translation times out. Users on the destination network, therefore, cannot initiate a
reliable connection to a host that uses dynamic NAT, even if the connection is allowed by an access rule.
Note: For the duration of the translation, a remote host can initiate a connection to the translated host if an
access rule allows it. Because the address is unpredictable, a connection to the host is unlikely.
Nevertheless, in this case you can rely on the security of the access rule.
The following figure shows a typical dynamic NAT scenario. Only real hosts can create a NAT session,
and responding traffic is allowed back.
Figure 9-2 Dynamic NAT (figure not reproduced; labels: 10.1.1.1 and 10.1.1.2 on the Inside, Security Appliance, 209.165.201.1 and 209.165.201.2 on the Outside)

Cisco ASA Series Firewall CLI Configuration Guide, Chapter 9: Network Address Translation (NAT)
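The behavior described in this topic, as an added Python model (not Cisco code and not ASA configuration): a translation exists only after the real host initiates, the pool can run out, and an outside connection reaches a host only while a translation is active and an access rule permits it. The class name `DynamicNat`, the 60-second timeout, the third host 10.1.1.3 and the form of the access rule are assumptions made for illustration; the other addresses are the ones in Figure 9-2.

```python
class DynamicNat:
    """Simplified model of dynamic NAT state (illustrative, not ASA code)."""

    def __init__(self, pool, timeout, permitted=()):
        self.free = list(pool)            # mapped addresses not in use
        self.timeout = timeout            # idle seconds before expiry (constructed value)
        self.permitted = set(permitted)   # (real_ip, port) pairs allowed inbound (assumed form)
        self.xlate = {}                   # real_ip -> (mapped_ip, last_outbound_time)

    def _expire(self, now):
        for real, (mapped, last) in list(self.xlate.items()):
            if now - last >= self.timeout:
                del self.xlate[real]
                self.free.append(mapped)  # address goes back to the pool

    def outbound(self, real_ip, now):
        """Real host initiates: return its mapped address, or None if the pool is exhausted."""
        self._expire(now)
        if real_ip in self.xlate:
            mapped = self.xlate[real_ip][0]
        elif self.free:
            mapped = self.free.pop(0)
        else:
            return None
        self.xlate[real_ip] = (mapped, now)
        return mapped

    def inbound(self, mapped_ip, port, now):
        """Outside host initiates: return the real host reached, or None if dropped."""
        self._expire(now)
        for real, (mapped, _) in self.xlate.items():
            if mapped == mapped_ip and (real, port) in self.permitted:
                return real
        return None


if __name__ == "__main__":
    nat = DynamicNat(["209.165.201.1", "209.165.201.2"], timeout=60,
                     permitted={("10.1.1.1", 443)})
    print(nat.inbound("209.165.201.1", 443, now=0))   # no translation exists yet
    print(nat.outbound("10.1.1.1", now=0))
    print(nat.outbound("10.1.1.2", now=10))
    print(nat.outbound("10.1.1.3", now=20))           # constructed third host, pool is full
    print(nat.inbound("209.165.201.1", 443, now=30))  # translation active, rule permits
    print(nat.outbound("10.1.1.2", now=70))           # after timeout the pool is reassigned
    print(nat.inbound("209.165.201.1", 443, now=80))  # old address now maps to another host
```

The last call shows why an outside host cannot rely on a mapped address: after the timeout the same address belongs to a different real host, and the access rule, not the NAT mapping, decides whether the connection is delivered.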
