Cisco ASA Series CLI Configuration Manual, page 804

Software version 9.0 for the services module

Configuration Examples for Network Object NAT
When an inside host sends a DNS request for the address of ftp.cisco.com, the DNS server replies with
the mapped address (209.165.201.10). The ASA refers to the static rule for the inside server and
translates the address inside the DNS reply to 10.1.3.14. If you do not enable DNS reply modification,
then the inside host attempts to send traffic to 209.165.201.10 instead of accessing ftp.cisco.com
directly.
Figure 1-5 DNS Reply Modification
Step 1: Create a network object for the FTP server address:
hostname(config)# object network FTP_SERVER
Step 2: Define the FTP server address, and configure static NAT with DNS modification:
hostname(config-network-object)# host 10.1.3.14
hostname(config-network-object)# nat (inside,outside) static 209.165.201.10 dns
Figure 1-5 labels: (1) DNS Query "ftp.cisco.com?"; (2) DNS Reply 209.165.201.10; (3) DNS Reply Modification, 209.165.201.10 to 10.1.3.14; (4) DNS Reply 10.1.3.14; (5) FTP Request 10.1.3.14. Devices shown: DNS Server (Outside), Security Appliance, User (Inside), ftp.cisco.com 10.1.3.14 (Inside) with static translation on outside to 209.165.201.10.

Cisco ASA Series CLI Configuration Guide, Chapter 1: Configuring Network Object NAT
