Cisco ASA 5505 Configuration Manual page 566

Configuring Twice NAT
If you want to translate the destination address, then the static mapping is typically one-to-one, so
the real addresses have the same quantity as the mapped addresses. You can, however, have different
quantities if desired. For more information, see the
"Guidelines and Limitations" section on page 28-2
addresses.
For static interface NAT with port translation only, choose an interface. If you specify an interface,
be sure to also configure a a service translation. For this option, you must configure a specific
interface for the Source Interface. See the
page 26-5
Figure 28-6
Step 7 (Optional) Identify the translated packet port (the real destination port). For the Match Criteria:
Translated Packet > Service, click the browse button
object from the Browse Translated Service dialog box.
You can also create a new service object from the Browse Translated Service dialog box and use this
object as the mapped destination port.
Dynamic NAT does not support port translation. However, because the destination translation is always
static, you can perform port translation for the destination port. A service object can contain both a
source and destination port, but only the destination port is used in this case. If you specify the source
port, it will be ignored. NAT only supports TCP or UDP. When translating a port, be sure the protocols
in the real and mapped service objects are identical (both TCP or both UDP). For identity NAT, you can
use the same service object for both the real and mapped ports. The "not equal" (!=) operator is not
supported.
(Optional) To use the interface IP address as a backup method if the other mapped addresses are already
Step 8
allocated, check the Fall through to interface PAT check box.
The destination interface IP address is used. This option is only available if you configure a specific
Destination Interface.
Figure 28-7
(Optional) Configure NAT options in the Options area.
Step 9
Cisco ASA 5500 Series Configuration Guide using ASDM
28-6
for more information.
Browse Dialog Box
Fall Through to Interface PAT
Chapter 28
"Static NAT" section on page
for information about disallowed mapped IP
"Static Interface NAT with Port Translation" section on
and choose an existing TCP or UDP service
Configuring Twice NAT
26-3. See the
OL-20339-01