Cisco ASA 5505 Configuration Manual page 574

Asa 5500 series

Chapter 28: Configuring Twice NAT
Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, page 28-14

b. For the Match Criteria: Translated Packet > Destination Address, click the browse button and choose an existing network object, group, or interface from the Browse Translated Destination Address dialog box.

You can also create a new named object or group from the Browse Translated Destination Address dialog box and use this object or group as the mapped destination address.

For static NAT, the mapping is typically one-to-one, so the real addresses have the same quantity as the mapped addresses. You can, however, have different quantities if desired.

For static interface NAT with port translation, you can specify the interface instead of a network object/group for the mapped address. For more information, see the "Static Interface NAT with Port Translation" section on page 26-5.

See the "Guidelines and Limitations" section on page 28-2 for information about disallowed mapped IP addresses.

Step 7 (Optional) Identify the translated packet source or destination port (the mapped source port or the real destination port). For the Match Criteria: Translated Packet > Service, click the browse button and choose an existing TCP or UDP service object from the Browse Translated Service dialog box.

You can also create a new service object from the Browse Translated Service dialog box and use this object as the mapped port.

A service object can contain both a source and destination port. You should specify either the source or the destination port for both real and mapped service objects. You should only specify both the source and destination ports if your application uses a fixed source port (such as some DNS servers); but fixed source ports are rare. In the rare case where you specify both the source and destination ports in the object, the original packet service object contains the real source port/mapped destination port; the translated packet service object contains the mapped source port/real destination port. NAT only supports TCP or UDP. When translating a port, be sure the protocols in the real and mapped service objects are identical (both TCP or both UDP). For identity NAT, you can use the same service object for both the real and mapped ports. The "not equal" (!=) operator is not supported.

Step 8 (Optional) Configure NAT options in the Options area.

Figure 28-22 NAT Options

a. Check the Enable rule check box to enable this NAT rule. The rule is enabled by default.

b. To rewrite the DNS A record in DNS replies, check the Translate DNS replies that match this rule check box. Be sure DNS inspection is enabled (it is enabled by default). See the "DNS and NAT" section on page 26-21 for more information.

c. To make the rule unidirectional, choose Unidirectional from the Direction drop-down list. The default is Both. Making the rule unidirectional prevents traffic from initiating connections to the real addresses. You might want to use this setting for testing purposes.

d. In the Description field, add a description about the rule up to 200 characters in length.
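The service-object rules in Step 7 can be checked mechanically. The following is an added example, not part of the Cisco guide: a Python check that flags twice NAT rules whose real and mapped service objects break those rules. It assumes the rules are exported in ASA CLI form (object service and nat ... service lines) rather than viewed in ASDM; the object names and the sample configuration are constructed.

```python
# Constructed sample in ASA CLI form (assumption: the page itself works in ASDM).
SAMPLE = """\
object service REAL_WEB
 service tcp destination eq 8080
object service MAPPED_WEB
 service tcp destination eq 80
object service REAL_DNS
 service udp source eq 53 destination eq 53
object service NOT_TELNET
 service tcp destination neq 23
nat (inside,outside) source static A A_MAP destination static SRV_MAP SRV service REAL_WEB MAPPED_WEB
nat (inside,outside) source static B B_MAP service REAL_DNS MAPPED_WEB
nat (inside,outside) source static C C_MAP service NOT_TELNET NOT_TELNET
"""

def parse_services(config):
    """Map each 'object service' name to its protocol and port operators."""
    objects, current = {}, None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["object", "service"] and len(tok) == 3:
            current = tok[2]
        elif current and line.startswith(" ") and tok[:1] == ["service"] and len(tok) > 1:
            svc = {"proto": tok[1], "source": None, "destination": None}
            for i, t in enumerate(tok[:-1]):
                if t in ("source", "destination"):
                    svc[t] = tok[i + 1]  # operator: eq, neq, lt, gt or range
            objects[current] = svc
        elif not line.startswith(" "):
            current = None
    return objects

def lint_twice_nat(config):
    """Return (line_number, finding) pairs for twice NAT service-object misuse."""
    objs, findings = parse_services(config), []
    for n, line in enumerate(config.splitlines(), 1):
        tok = line.split(" description ")[0].split()  # ignore free-text description
        if tok[:1] != ["nat"] or "service" not in tok:
            continue
        pair = [objs.get(name) for name in tok[tok.index("service") + 1:][:2]]
        if len(pair) != 2 or None in pair:
            findings.append((n, "undefined service object"))
            continue
        if pair[0]["proto"] != pair[1]["proto"] or pair[0]["proto"] not in ("tcp", "udp"):
            findings.append((n, "real/mapped protocols must match and be tcp or udp"))
        if any(s[k] == "neq" for s in pair for k in ("source", "destination")):
            findings.append((n, "neq operator not supported"))
        if any(s["source"] and s["destination"] for s in pair):
            findings.append((n, "source and destination ports both set"))
    return findings
```

On the constructed sample, the first rule passes, the second is flagged for a UDP/TCP mismatch and for setting both ports, and the third for the unsupported operator. The "both ports set" finding is a prompt to confirm the application really uses a fixed source port, not an error.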


This manual is also suitable for:

ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
