Cisco ASA Series Cli Configuration Manual page 765
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Chapter 1
Information About NAT
The resultant ordering would be:
NAT Interfaces
You can configure a NAT rule to apply to any interface (in other words, all interfaces), or you can identify
specific real and mapped interfaces. You can also specify any interface for the real address, and a specific
interface for the mapped address, or vice versa.
For example, you might want to specify any interface for the real address and specify the outside
interface for the mapped address if you use the same private addresses on multiple interfaces, and you
want to translate them all to the same global pool when accessing the outside.
Note
For transparent mode, you must choose specific source and destination interfaces.
Routing NAT Packets
The ASA needs to be the destination for any packets sent to the mapped address. The ASA also needs to
determine the egress interface for any packets it receives destined for mapped addresses. This section
describes how the ASA handles accepting and delivering packets with NAT, and includes the following
topics:
•
•
•
Mapped Addresses and Routing
When you translate the real address to a mapped address, the mapped address you choose determines
how to configure routing, if necessary, for the mapped address.
See additional guidelines about mapped IP addresses in
and
See the following mapped address types:
•
192.168.1.1/32 (static)
10.1.1.0/24 (static)
192.168.1.0/24 (static)
172.16.1.0/24 (dynamic) (object abc)
172.16.1.0/24 (dynamic) (object def)
192.168.1.0/24 (dynamic)
Mapped Addresses and Routing, page 1-19
Transparent Mode Routing Requirements for Remote Networks, page 1-21
Determining the Egress Interface, page 1-22
Chapter 5, "Configuring Twice NAT."
Addresses on the same network as the mapped interface.
If you use addresses on the same network as the mapped interface, the ASA uses proxy ARP to
answer any ARP requests for the mapped addresses, thus intercepting traffic destined for a mapped
address. This solution simplifies routing because the ASA does not have to be the gateway for any
additional networks. This solution is ideal if the outside network contains an adequate number of
Chapter 4, "Configuring Network Object NAT,"
Cisco ASA Series CLI Configuration Guide
NAT Interfaces
1-19
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
