Cisco ASA 5505 Configuration Manual page 514


How NAT is Implemented
Information About Network Object NAT
All NAT rules that are configured as a parameter of a network object are considered to be network object
NAT rules. Network object NAT is a quick and easy way to configure NAT for a network object, which
can be a single IP address, a range of addresses, or a subnet.
After you configure the network object, you can then identify the mapped address for that object, either
as an inline address or as another network object or network object group.
When a packet enters the adaptive security appliance, both the source and destination IP addresses are
checked against the network object NAT rules. The source and destination address in the packet can be
translated by separate rules if separate matches are made. These rules are not tied to each other; different
combinations of rules can be used depending on the traffic.
Because the rules are never paired, you cannot specify that sourceA/destinationA should have a different
translation than sourceA/destinationB. Use twice NAT for that kind of functionality (twice NAT lets you
identify the source and destination address in a single rule).
To start configuring network object NAT, see Chapter 27, "Configuring Network Object NAT."
Information About Twice NAT
Twice NAT lets you identify both the source and destination address in a single rule. Specifying both the
source and destination addresses lets you specify that sourceA/destinationA can have a different
translation than sourceA/destinationB.
The destination address is optional. If you specify the destination address, you can either map it to itself
(identity NAT), or you can map it to a different address. The destination mapping is always a static
mapping.
Twice NAT also lets you use service objects for static NAT with port translation; network object NAT
only accepts inline definition.
To start configuring twice NAT, see Chapter 28, "Configuring Twice NAT."
Figure 26-14 shows a host on the 10.1.2.0/24 network accessing two different servers. When the host
accesses the server at 209.165.201.11, the real address is translated to 209.165.202.129. When the host
accesses the server at 209.165.200.225, the real address is translated to 209.165.202.130. (See the
"Single Address for FTP, HTTP, and SMTP (Static NAT with Port Translation)" section on page 27-29
for details on how to configure this example.)
Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, Chapter 26, "Information About NAT," page 26-16
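The difference between the two rule styles, as an added Python model that is not part of the Cisco guide and is not ASA code: it replays the Figure 26-14 scenario against an unpaired network object NAT rule and against paired twice NAT rules, and flags twice NAT rules that can never match. Assumptions: the host 10.1.2.27 is constructed, ports are ignored, and twice NAT rules are evaluated first match in list order.

```python
from ipaddress import ip_address, ip_network

# Constructed rule sets built from the addresses in Figure 26-14.
# Network object NAT: (real network, mapped source address).
OBJECT_NAT = [("10.1.2.0/24", "209.165.202.129")]
# Twice NAT: (real source, mapped source, destination or None). The
# destination is identity-mapped, so it only selects the source mapping.
TWICE_NAT = [
    ("10.1.2.0/24", "209.165.202.129", "209.165.201.11/32"),
    ("10.1.2.0/24", "209.165.202.130", "209.165.200.225/32"),
]

def in_net(addr, net):
    return ip_address(addr) in ip_network(net)

def object_nat_source(rules, src, dst):
    """Source lookup never consults dst: the rules are not paired."""
    for real, mapped in rules:
        if in_net(src, real):
            return mapped
    return src  # no rule matched: address left untranslated

def twice_nat_source(rules, src, dst):
    """First rule whose source and (optional) destination both match."""
    for real, mapped, dest in rules:
        if in_net(src, real) and (dest is None or in_net(dst, dest)):
            return mapped
    return src

def shadowed(rules):
    """Indexes of twice NAT rules fully covered by an earlier rule."""
    hits = []
    for j, (src_j, _, dst_j) in enumerate(rules):
        for src_i, _, dst_i in rules[:j]:
            src_cov = ip_network(src_j).subnet_of(ip_network(src_i))
            dst_cov = dst_i is None or (
                dst_j is not None
                and ip_network(dst_j).subnet_of(ip_network(dst_i)))
            if src_cov and dst_cov:
                hits.append(j)
                break
    return hits

if __name__ == "__main__":
    host = "10.1.2.27"  # constructed host on the 10.1.2.0/24 network
    for server in ("209.165.201.11", "209.165.200.225"):
        print(server, object_nat_source(OBJECT_NAT, host, server),
              twice_nat_source(TWICE_NAT, host, server))
    # A destination-less rule placed first hides both specific rules.
    print(shadowed([("10.1.2.0/24", "209.165.202.129", None)] + TWICE_NAT))
```

When reviewing a NAT policy, a non-empty result from the shadowing check means a destination-specific translation is not the one traffic actually receives in this model.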
