Using Static Pat - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Cisco Security Appliance Command Line Configuration Guide, OL-10088-01
Chapter 17, Applying NAT (page 17-26)

hostname(config)# static (real_interface,mapped_interface) {mapped_ip | interface} real_ip [netmask mask] [dns] [norandomseq] [[tcp] tcp_max_conns [emb_limit]] [udp udp_max_conns]

See the "Configuring Dynamic NAT or PAT" section on page 17-22 for information about the options.

For example, the following policy static NAT example shows a single real address that is translated to two mapped addresses depending on the destination address (see Figure 17-8 on page 17-10 for a related figure):

hostname(config)# access-list NET1 permit ip host 10.1.2.27 209.165.201.0 255.255.255.224
hostname(config)# access-list NET2 permit ip host 10.1.2.27 209.165.200.224 255.255.255.224
hostname(config)# static (inside,outside) 209.165.202.129 access-list NET1
hostname(config)# static (inside,outside) 209.165.202.130 access-list NET2

The following command maps an inside IP address (10.1.1.3) to an outside IP address (209.165.201.12):

hostname(config)# static (inside,outside) 209.165.201.12 10.1.1.3 netmask 255.255.255.255

The following command maps the outside address (209.165.201.15) to an inside address (10.1.1.6):

hostname(config)# static (outside,inside) 10.1.1.6 209.165.201.15 netmask 255.255.255.255

The following command statically maps an entire subnet:

hostname(config)# static (inside,dmz) 10.1.1.0 10.1.2.0 netmask 255.255.255.0

Using Static PAT

This section describes how to configure a static port translation. Static PAT lets you translate the real IP address to a mapped IP address, as well as the real port to a mapped port. You can choose to translate the real port to the same port, which lets you translate only specific types of traffic, or you can take it further by translating to a different port.

Figure 17-22 shows a typical static PAT scenario. The translation is always active so both translated and remote hosts can originate connections, and the mapped address and port are statically assigned by the static command.

Figure 17-22 Static PAT
[Figure: a security appliance between the Inside and Outside networks. Inside labels: 10.1.1.1:23, 10.1.1.2:8080. Outside labels: 209.165.201.1:23, 209.165.201.2:80.]

For applications that require application inspection for secondary channels (FTP, VoIP, etc.), the security appliance automatically translates the secondary ports.
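The following Python is an added example, not part of the Cisco guide: it parses the static forms discussed on this page and lists what each interface publishes, since a static translation is always active and lets remote hosts originate connections. The static PAT syntax and the pairing of the Figure 17-22 labels in the sample are assumptions, and `parse_static` and `published_on` are names chosen here.

```python
import re

# Constructed sample. The NAT lines are this page's own examples; the two PAT lines
# pair the address:port labels of Figure 17-22 (assumed pairing) and assume the form
# static (real_if,mapped_if) {tcp|udp} mapped_ip mapped_port real_ip real_port.
SAMPLE_CONFIG = """\
hostname(config)# static (inside,outside) 209.165.202.129 access-list NET1
hostname(config)# static (inside,outside) 209.165.201.12 10.1.1.3 netmask 255.255.255.255
hostname(config)# static (outside,inside) 10.1.1.6 209.165.201.15 netmask 255.255.255.255
hostname(config)# static (inside,dmz) 10.1.1.0 10.1.2.0 netmask 255.255.255.0
hostname(config)# static (inside,outside) tcp 209.165.201.1 23 10.1.1.1 23 netmask 255.255.255.255
hostname(config)# static (inside,outside) tcp 209.165.201.2 80 10.1.1.2 8080 netmask 255.255.255.255
"""

STATIC_RE = re.compile(r"\bstatic \(([\w-]+),([\w-]+)\)\s+(?:(tcp|udp)\s+)?(.+)$")

def parse_static(line):
    """Parse one static NAT, policy static NAT or static PAT line; None if not one."""
    m = STATIC_RE.search(line.strip())
    if not m:
        return None
    real_if, mapped_if, proto, rest = m.groups()
    tok = rest.split()
    try:
        e = {"real_if": real_if, "mapped_if": mapped_if, "proto": proto or "ip", "kind": "nat",
             "mapped": tok[0], "mapped_port": tok[1] if proto else "any", "real_port": "any"}
        if "access-list" in tok:   # policy form: the real side is defined by an ACL
            e.update(kind="policy", real="access-list " + tok[tok.index("access-list") + 1])
        elif proto:                # static PAT: a port follows each address
            e.update(kind="pat", real=f"{tok[2]}:{tok[3]}", real_port=tok[3])
        else:                      # regular static NAT: the whole address is translated
            e["real"] = tok[1]
        mask = tok[tok.index("netmask") + 1] if "netmask" in tok else None
    except IndexError:             # truncated line
        return None
    e["subnet"] = mask not in (None, "255.255.255.255")
    return e

def published_on(config, iface):
    """Static translations whose mapped side is `iface` (access lists are not parsed)."""
    rows = []
    for e in filter(None, map(parse_static, config.splitlines())):
        if e["mapped_if"] == iface:
            notes = ["all ports"] * (e["mapped_port"] == "any")
            notes += ["whole subnet"] * e["subnet"]
            notes += ["port remapped"] * (e["kind"] == "pat" and e["mapped_port"] != e["real_port"])
            rows.append((f'{e["mapped"]}:{e["mapped_port"]}', e["real"], notes))
    return rows
```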


This manual is also suitable for: Pix 500 series, Cisco ASA 5500 series
