26-5
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 26 Information About NAT
NAT Types
Static NAT with Identity Port Translation
The following static NAT with port translation example provides a single address for remote users to
access FTP, HTTP, and SMTP. These servers are actually different devices on the real network, but for
each server, you can specify static NAT with port translation rules that use the same mapped IP address,
but different ports. (See Figure 26-3. See the “Single Address for FTP, HTTP, and SMTP (Static NAT
with Port Translation)” section on page 27-29 for details on how to configure this example.)
Figure 26-3 Static NAT with Port Translation
Static NAT with Port Translation for Non-Standard Ports
You can also use static NAT with port translation to translate a well-known port to a non-standard port
or vice versa. For example, if inside web servers use port 8080, you can allow outside users to connect
to port 80, and then undo translation to the original port 8080. Similarly, to provide extra security, you
can tell web users to connect to non-standard port 6785, and then undo translation to port 80.
Static Interface NAT with Port Translation
You can configure static NAT to map a real address to an interface address/port combination. For
example, if you want to redirect Telnet access to the adaptive security appliance outside port to an inside
IP address (for example, a router interface), then you can map the inside IP address on port 23 to the
interface address on port 23. (Note that Telnet is not allowed to the lowest security interface normally;
static NAT with interface port translation redirects the disallowed Telnet session instead of denying it).
Host
Outside
Inside
Undo Translation
10.1.2.27209.165.201.3:21
Undo Translation
10.1.2.28209.165.201.3:80
Undo Translation
10.1.2.29209.165.201.3:25
FTP server
10.1.2.27
HTTP server
10.1.2.28
SMTP server
10.1.2.29
130031
To Next Page
Loading...
Need help?
General
