Cisco ASA Series Cli Configuration Manual page 818

Configuring Twice NAT
Detailed Steps
Command
object network obj_name
{host ip_address | subnet
subnet_address netmask | range
ip_address_1 ip_address_2}
Example:
hostname(config)# object network MyInsNet
hostname(config-network-object)# subnet
10.1.1.0 255.255.255.0
object-group network grp_name
{network-object {object net_obj_name |
subnet_address netmask |
host ip_address} |
group-object grp_obj_name}
Example:
hostname(config)# object network TEST
hostname(config-network-object)# range
10.1.1.1 10.1.1.70
hostname(config)# object network TEST2
hostname(config-network-object)# range
10.1.2.1 10.1.2.70
hostname(config-network-object)#
object-group network MAPPED_IPS
hostname(config-network)# network-object
object TEST
hostname(config-network)# network-object
object TEST2
hostname(config-network)# network-object
host 10.1.2.79
(Optional) Adding Service Objects for Real and Mapped Ports
Configure service objects for:
•
•
For more information about configuring a service object, see the
on page
Guidelines
•
•
•
•
Cisco ASA Series CLI Configuration Guide
1-6
Purpose
Adds a network object, either IPv4 or IPv6.
Adds a network object group, either IPv4 or IPv6.
Source real port (Static only) or Destination real port
Source mapped port (Static only) or Destination mapped port
1-5.
NAT only supports TCP or UDP. When translating a port, be sure the protocols in the real and
mapped service objects are identical (both TCP or both UDP).
The "not equal" (neq) operator is not supported.
For identity port translation, you can use the same service object for both the real and mapped ports.
Source Dynamic NAT—Source Dynamic NAT does not support port translation.
Chapter 1 Configuring Twice NAT
"Configuring a Service Object" section