Cisco ASA 5505 Configuration Manual page 512


NAT in Routed and Transparent Mode
ARP inspection is not supported. Moreover, if for some reason a host on one side of the adaptive
security appliance sends an ARP request to a host on the other side of the adaptive security
appliance, and the initiating host real address is mapped to a different address on the same subnet,
then the real address remains visible in the ARP request.
Figure 26-13 shows a typical NAT scenario in transparent mode, with the same network on the inside and outside interfaces. The transparent firewall in this scenario is performing the NAT service so that the upstream router does not have to perform NAT.

Figure 26-13 NAT Example: Transparent Mode
[Figure not reproduced. Labels: www.example.com; Internet; Source Addr Translation 10.1.1.75 -> 209.165.201.15; Source Addr Translation 192.168.1.2 -> 209.165.201.10; Security appliance, Management IP 10.1.1.1; 10.1.1.2; 10.1.1.3; 192.168.1.1; Network 2; "Static route on router to 209.165.201.0/27 to downstream router"; "Static route on security appliance for 192.168.1.1/24 to downstream router".]

1. When the inside host at 10.1.1.75 sends a packet to a web server, the real source address of the packet, 10.1.1.75, is changed to a mapped address, 209.165.201.15.
2. When the server responds, it sends the response to the mapped address, 209.165.201.15, and the adaptive security appliance receives the packet because the upstream router includes this mapped network in a static route directed through the adaptive security appliance.
3. The adaptive security appliance then undoes the translation of the mapped address, 209.165.201.15, back to the real address, 10.1.1.75. Because the real address is directly connected, the adaptive security appliance sends it directly to the host.
4. For host 192.168.1.2, the same process occurs, except that the adaptive security appliance looks up the route in its route table and sends the packet to the downstream router at 10.1.1.3 based on the static route.

Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, Chapter 26, Information About NAT, page 26-14
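The numbered steps above can be modelled as a small reachability check. This is an added example, not code from the Cisco guide: the function names are hypothetical, the /24 mask on the 10.1.1.0 network is an assumption, and the 192.168.1.2 to 209.165.201.10 pairing is read from the figure labels.

```python
import ipaddress as ip

# Addresses from the page's transparent-mode scenario (Figure 26-13).
CONNECTED = ip.ip_network("10.1.1.0/24")  # assumed /24; the page gives no mask
# Static route on the appliance toward the downstream router at 10.1.1.3.
APPLIANCE_ROUTES = {ip.ip_network("192.168.1.1/24", strict=False): "10.1.1.3"}
# Mapped network the upstream router routes through the appliance.
UPSTREAM_ROUTE = ip.ip_network("209.165.201.0/27")
NAT = {  # real source address -> mapped address
    "10.1.1.75": "209.165.201.15",
    "192.168.1.2": "209.165.201.10",  # pairing read from the figure labels
}

def translate_source(real_src):
    """Step 1: replace the real source address with its mapped address."""
    return NAT.get(real_src, real_src)

def untranslate_and_forward(mapped_dst):
    """Steps 2-4: undo the translation, then pick the next hop.
    Returns (real_dst, next_hop); next_hop == real_dst means direct delivery."""
    reverse = {mapped: real for real, mapped in NAT.items()}
    if mapped_dst not in reverse:
        raise LookupError(f"{mapped_dst}: no translation entry")
    real = reverse[mapped_dst]
    addr = ip.ip_address(real)
    if addr in CONNECTED:
        return real, real  # step 3: directly connected host
    hits = [(net, hop) for net, hop in APPLIANCE_ROUTES.items() if addr in net]
    if not hits:
        raise LookupError(f"{real}: appliance has no route to this real address")
    # Step 4: longest matching static route wins.
    return real, max(hits, key=lambda h: h[0].prefixlen)[1]

def audit():
    """List conditions under which return traffic would never reach the host."""
    problems = []
    for real, mapped in NAT.items():
        if ip.ip_address(mapped) not in UPSTREAM_ROUTE:
            problems.append(f"{mapped}: not covered by upstream static route")
        try:
            untranslate_and_forward(mapped)
        except LookupError as exc:
            problems.append(str(exc))
    return problems

if __name__ == "__main__":
    for host in NAT:
        mapped = translate_source(host)
        print(host, "->", mapped, "-> back via", untranslate_and_forward(mapped))
    print("audit:", audit() or "ok")
```

An empty `audit()` result means every mapped address is covered by the upstream static route and every real address is either directly connected or reachable through a static route on the appliance.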
