
Cisco ASA 5506-X Configuration Manual page 54


Cisco ASA Series Firewall CLI Configuration Guide, page 4-2
Chapter 4: Network Address Translation (NAT)

- Flexibility—You can change internal IP addressing schemes without affecting the public addresses available externally; for example, for a server accessible to the Internet, you can maintain a fixed IP address for Internet use, but internally, you can change the server address.
- Translating between IPv4 and IPv6 (Routed mode only)—If you want to connect an IPv6 network to an IPv4 network, NAT lets you translate between the two types of addresses.

Note
NAT is not required. If you do not configure NAT for a given set of traffic, that traffic will not be translated, but will have all of the security policies applied as normal.

NAT Basics
The following topics explain some of the basics of NAT.
- NAT Terminology, page 4-2
- NAT Types, page 4-3
- Network Object NAT and Twice NAT, page 4-3
- NAT Rule Order, page 4-5
- NAT Interfaces, page 4-6

NAT Terminology
This document uses the following terminology:
- Real address/host/network/interface—The real address is the address that is defined on the host, before it is translated. In a typical NAT scenario where you want to translate the inside network when it accesses the outside, the inside network would be the "real" network. Note that you can translate any network connected to the ASA, not just an inside network. Therefore, if you configure NAT to translate outside addresses, "real" can refer to the outside network when it accesses the inside network.
- Mapped address/host/network/interface—The mapped address is the address that the real address is translated to. In a typical NAT scenario where you want to translate the inside network when it accesses the outside, the outside network would be the "mapped" network.

Note
During address translation, IP addresses residing on the ASA's interfaces are not translated.

- Bidirectional initiation—Static NAT allows connections to be initiated bidirectionally, meaning both to the host and from the host.
- Source and destination NAT—For any given packet, both the source and destination IP addresses are compared to the NAT rules, and one or both can be translated/untranslated. For static NAT, the rule is bidirectional, so be aware that "source" and "destination" are used in commands and descriptions throughout this guide even though a given connection might originate at the "destination" address.
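
The real/mapped and source/destination terms above can be checked against a small model of one static NAT rule. This is an added Python illustration, not Cisco code: the StaticNat class, interface names and addresses are constructed assumptions, and route lookup and security policy are not modelled.

```python
"""Simplified model of one static NAT rule (illustration only, not ASA code)."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    ingress: str  # interface the packet arrives on
    egress: str   # interface the packet leaves on
    src: str
    dst: str


@dataclass(frozen=True)
class StaticNat:
    real_ifc: str    # interface facing the real addresses
    mapped_ifc: str  # interface on which the mapped addresses are seen
    real_net: str    # addresses as defined on the hosts
    mapped_net: str  # same-size network the real addresses translate to

    def _shift(self, addr, from_net, to_net):
        """Map addr one-to-one from from_net into to_net; None if outside."""
        a, f, t = ip_address(addr), ip_network(from_net), ip_network(to_net)
        if a not in f:
            return None
        return str(t.network_address + (int(a) - int(f.network_address)))

    def apply(self, pkt):
        """Translate the source (real -> mapped) or untranslate the
        destination (mapped -> real), depending on packet direction."""
        if (pkt.ingress, pkt.egress) == (self.real_ifc, self.mapped_ifc):
            new = self._shift(pkt.src, self.real_net, self.mapped_net)
            return replace(pkt, src=new) if new else pkt
        if (pkt.ingress, pkt.egress) == (self.mapped_ifc, self.real_ifc):
            new = self._shift(pkt.dst, self.mapped_net, self.real_net)
            return replace(pkt, dst=new) if new else pkt
        return pkt  # no rule matches: the traffic is not translated


# Constructed sample data: RFC 1918 real network, documentation-range mapped.
RULE = StaticNat("inside", "outside", "10.1.2.0/28", "203.0.113.0/28")
OUTBOUND = Packet("inside", "outside", "10.1.2.5", "198.51.100.7")
INBOUND = Packet("outside", "inside", "198.51.100.7", "203.0.113.5")
UNMATCHED = Packet("inside", "outside", "10.9.9.9", "198.51.100.7")

if __name__ == "__main__":
    for p in (OUTBOUND, INBOUND, UNMATCHED):
        print(p, "->", RULE.apply(p))
```

The same rule rewrites the source of a connection leaving the real host and the destination of a connection initiated toward the mapped address, which is why the guide's "source" and "destination" labels do not indicate who opened the connection.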
