26-20
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 26 Information About NAT
NAT Interfaces
The resultant ordering would be:
192.168.1.1/32 (static)
10.1.1.0/24 (static)
192.168.1.0/24 (static)
172.16.1.0/24 (dynamic) (object abc)
172.16.1.0/24 (dynamic) (object def)
192.168.1.0/24 (dynamic)
NAT Interfaces
You can configure a NAT rule to apply to any interface, or you can identify specific real and mapped
interfaces. You can also specify any interface for the real address, and a specific interface for the mapped
address, or vice versa.
For example, you might want to specify any interface for the real address and specify the outside
interface for the mapped address if you use the same private addresses on multiple interfaces, and you
want to translate them all to the same global pool when accessing the outside (Figure 26-17).
Figure 26-17 Specifying Any Interface
Mapped Address Guidelines
When you translate the real address to a mapped address, you can use the following mapped addresses:
• Addresses on the same network as the mapped interface.
If you use addresses on the same network as the mapped interface (through which traffic exits the
adaptive security appliance), the adaptive security appliance uses proxy ARP to answer any requests
for mapped addresses, and thus it intercepts traffic destined for a real address. This solution
simplifies routing because the adaptive security appliance does not have to be the gateway for any
additional networks. However, this approach does put a limit on the number of available addresses
used for translations.
For PAT, you can even use the IP address of the mapped interface.
Outside
Mktg
10.1.2.0 10.1.2.010.1.2.0
Security
Appliance
Eng HR
10.1.2.0 209.165.201.1:xxxx
any
248768
To Next Page
Loading...
Need help?
General
