Cisco ASA Series Cli Configuration Manual page 828

Configuring Twice NAT
Command
Cisco ASA Series CLI Configuration Guide
1-16
Purpose
(continued)
•
Destination addresses (Optional):
–
Mapped—Specify a network object or group, or for static
interface NAT with port translation only (routed mode),
specify the interface keyword. If you specify ipv6, then
the IPv6 address of the interface is used. If you specify
interface, be sure to also configure the service keyword.
For this option, you must configure a specific interface
for the real_ifc. See the
Translation" section on page 1-5
–
Real—Specify a network object or group. For identity
NAT, simply use the same object or group for both the
real and mapped addresses.
•
Destination port—(Optional) Specify the service keyword
along with the real and mapped service objects. For identity
port translation, simply use the same service object for both
the real and mapped ports.
•
DNS—(Optional; for a source-only rule) The dns keyword
translates DNS replies. Be sure DNS inspection is enabled (it
is enabled by default). You cannot configure the dns keyword
if you configure a destination address. See the
NAT" section on page 1-28
•
Unidirectional—(Optional) Specify unidirectional so the
destination addresses cannot initiate traffic to the source
addresses.
•
Inactive—(Optional) To make this rule inactive without
having to remove the command, use the inactive keyword. To
reactivate it, reenter the whole command without the inactive
keyword.
•
Description—(Optional) Provide a description up to 200
characters using the description keyword.
Chapter 1 Configuring Twice NAT
"Static Interface NAT with Port
for more information.
"DNS and
for more information.