Cisco ASA 5505 Configuration Manual page 507

Asa 5500 series

Chapter 26
Information About NAT
Information About Dynamic NAT
Dynamic NAT translates a group of real addresses to a pool of mapped addresses that are routable on the
destination network. The mapped pool typically includes fewer addresses than the real group. When a
host you want to translate accesses the destination network, the adaptive security appliance assigns the
host an IP address from the mapped pool. The translation is created only when the real host initiates the
connection. The translation is in place only for the duration of the connection, and a given user does not
keep the same IP address after the translation times out. Users on the destination network, therefore,
cannot initiate a reliable connection to a host that uses dynamic NAT, even if the connection is allowed
by an access rule.
Figure 26-8 shows a typical dynamic NAT scenario. Only real hosts can create a NAT session, and responding traffic is allowed back.
Figure 26-8 Dynamic NAT
[Figure labels: Inside 10.1.1.1, 10.1.1.2; Security Appliance; Outside 209.165.201.1, 209.165.201.2]
Figure 26-9 shows a remote host attempting to initiate a connection to a mapped address. This address is not currently in the translation table; therefore, the adaptive security appliance drops the packet.
Figure 26-9 Remote Host Attempts to Initiate a Connection to a Mapped Address
[Figure labels: Web Server www.example.com; Outside 209.165.201.2, 209.165.201.10; Security Appliance; Inside 10.1.2.1, 10.1.2.27]
Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, NAT Types, page 26-9
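The translation-table behaviour described above, as a small Python model added here for illustration (it is not Cisco code and does not come from the guide). The class and method names, the 300-second timer and host 10.1.1.3 are assumptions; access rules and per-connection state are not modelled.

```python
import ipaddress

class DynamicNat:
    """Toy model of a dynamic NAT translation table (not ASA code)."""

    def __init__(self, pool, timeout):
        self.free = [ipaddress.ip_address(a) for a in pool]  # unused mapped addresses
        self.timeout = timeout  # seconds; simplified idle timer (assumption)
        self.xlate = {}         # real address -> (mapped address, last outbound time)

    def _expire(self, now):
        for real, (mapped, seen) in list(self.xlate.items()):
            if now - seen >= self.timeout:
                del self.xlate[real]
                self.free.append(mapped)  # address goes back to the pool

    def outbound(self, real, now):
        """Real host initiates a connection: create or refresh its translation."""
        self._expire(now)
        real = ipaddress.ip_address(real)
        if real in self.xlate:
            mapped = self.xlate[real][0]
        elif self.free:
            mapped = self.free.pop(0)
        else:
            return None  # pool smaller than the real group and fully in use
        self.xlate[real] = (mapped, now)
        return str(mapped)

    def inbound(self, mapped, now):
        """Packet from outside to a mapped address: real host, or None (drop)."""
        self._expire(now)
        mapped = ipaddress.ip_address(mapped)
        for real, (m, _) in self.xlate.items():
            if m == mapped:
                return str(real)
        return None  # address not in the translation table

def demo():
    nat = DynamicNat(["209.165.201.1", "209.165.201.2"], timeout=300)
    return [
        nat.inbound("209.165.201.1", now=0),    # no translation yet -> None
        nat.outbound("10.1.1.1", now=0),        # -> 209.165.201.1
        nat.outbound("10.1.1.2", now=10),       # -> 209.165.201.2
        nat.outbound("10.1.1.3", now=20),       # pool exhausted -> None
        nat.inbound("209.165.201.1", now=30),   # live translation -> 10.1.1.1
        nat.inbound("209.165.201.1", now=400),  # timed out -> None
        nat.outbound("10.1.1.3", now=400),      # reuses 209.165.201.1
    ]
```

The last entry shows why an outside host cannot rely on a mapped address: after the timeout, 209.165.201.1 belongs to a different inside host.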

This manual is also suitable for:

ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
