Cisco ASA Series CLI Configuration Manual page 790

Software version 9.0 for the services module

Configuring Network Object NAT
Examples
The following example configures dynamic PAT that hides the 192.168.2.0 network behind address
10.2.2.2:
hostname(config)# object network my-inside-net
hostname(config-network-object)# subnet 192.168.2.0 255.255.255.0
hostname(config-network-object)# nat (inside,outside) dynamic 10.2.2.2
The following example configures dynamic PAT that hides the 192.168.2.0 network behind the outside
interface address:
hostname(config)# object network my-inside-net
hostname(config-network-object)# subnet 192.168.2.0 255.255.255.0
hostname(config-network-object)# nat (inside,outside) dynamic interface
Cisco ASA Series CLI Configuration Guide, Chapter 1

Purpose (continued)
Extended PAT—The extended keyword enables
extended PAT. Extended PAT uses 65535 ports per
service, as opposed to per IP address, by including the
destination address and port in the translation
information. Normally, the destination port and address
are not considered when creating PAT translations, so
you are limited to 65535 ports per PAT address. For
example, with extended PAT, you can create a translation
of 10.1.1.1:1027 when going to 192.168.1.7:23 as well as
a translation of 10.1.1.1:1027 when going to
192.168.1.7:80.
Flat range—The flat keyword enables use of the entire
1024 to 65535 port range when allocating ports. When
choosing the mapped port number for a translation, the
ASA uses the real source port number if it is available.
However, without this option, if the real port is not
available, by default the mapped ports are chosen from
the same range of ports as the real port number: 1 to 511,
512 to 1023, and 1024 to 65535. To avoid running out of
ports at the low ranges, configure this setting. To use the
entire range of 1 to 65535, also specify the
include-reserve keyword.
Interface PAT fallback—(Optional) The interface keyword
enables interface PAT fallback when entered after a primary
PAT address. After the primary PAT addresses are used up,
the IP address of the mapped interface is used. If you
specify ipv6, the IPv6 address of the interface is used.
For this option, you must configure a specific interface for
mapped_ifc. (You cannot specify interface in transparent
mode.)
DNS—(Optional) The dns keyword translates DNS replies.
Be sure DNS inspection is enabled (it is enabled by default).
See the "DNS and NAT" section on page 1-28 for more
information.
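
The port-allocation rules given above for the extended and flat keywords, as a simplified Python model (an added example, not Cisco code and not the ASA's implementation). The class and function names, the lowest-free-port selection order, the handling of a low real port under flat, and the 203.0.113.5 destination are assumptions made for illustration.

```python
import itertools

# Simplified model of the PAT port rules described above; not ASA code.
# Assumptions: lowest-free-port selection order, and that with "flat" a real
# port outside the flat range is always remapped into it.
DEFAULT_RANGES = [(1, 511), (512, 1023), (1024, 65535)]


class PatAddress:
    def __init__(self, mapped_ip, extended=False, flat=False, include_reserve=False):
        self.mapped_ip = mapped_ip
        self.extended = extended
        self.flat = flat
        self.include_reserve = include_reserve
        self.in_use = set()  # translation keys already allocated

    def _key(self, port, dst):
        # Extended PAT adds the destination address and port to the key, so
        # one mapped port can be reused toward a different service.
        return (port, dst) if self.extended else (port,)

    def _port_range(self, real_port):
        if self.flat:
            return (1, 65535) if self.include_reserve else (1024, 65535)
        # Default: stay in the same range as the real source port.
        return next(r for r in DEFAULT_RANGES if r[0] <= real_port <= r[1])

    def translate(self, real_port, dst):
        """Return (mapped_ip, mapped_port), or None when the range is exhausted."""
        lo, hi = self._port_range(real_port)
        preferred = [real_port] if lo <= real_port <= hi else []
        for port in itertools.chain(preferred, range(lo, hi + 1)):
            key = self._key(port, dst)
            if key not in self.in_use:
                self.in_use.add(key)
                return (self.mapped_ip, port)
        return None


def count_translations(pat, real_port, dst, flows):
    """Number of flows (all using the same real source port) that get a mapping."""
    return sum(pat.translate(real_port, dst) is not None for _ in range(flows))


if __name__ == "__main__":
    dst = ("203.0.113.5", 443)  # constructed sample destination
    print(count_translations(PatAddress("10.2.2.2"), 300, dst, 600))             # 511
    print(count_translations(PatAddress("10.2.2.2", flat=True), 300, dst, 600))  # 600
```

In this model, 600 flows with real source port 300 exhaust the 1 to 511 range after 511 mappings, while the same load with flat enabled is served entirely from 1024 and up.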
