Cisco FirePOWER ASA 5500 series Configuration Manual page 307

Chapter 17 Applying NAT
Using Dynamic NAT and PAT
You can enter a nat command for each interface using the same NAT ID; they all use the same global
command when traffic exits a given interface. For example, you can configure nat commands for Inside
and DMZ interfaces, both on NAT ID 1. Then you configure a global command on the Outside interface
that is also on ID 1. Traffic from the Inside interface and the DMZ interface share a mapped pool or a
PAT address when exiting the Outside interface (see Figure 17-14).
Figure 17-14 nat Commands on Multiple Interfaces
Web Server:
www.cisco.com
Translation
Outside
10.1.1.15 209.165.201.4
Global 1: 209.165.201.3-
209.165.201.10
NAT 1: 10.1.1.0/24
DMZ
Translation
10.1.2.27 209.165.201.3
10.1.1.15
NAT 1: 10.1.2.0/24
Inside
10.1.2.27
See the following commands for this example:
hostname(config)# nat (inside) 1 10.1.2.0 255.255.255.0
hostname(config)# nat (dmz) 1 10.1.1.0 255.255.255.0
hostname(config)# global (outside) 1 209.165.201.3-209.165.201.10
Cisco Security Appliance Command Line Configuration Guide
17-17
OL-10088-01