28-3
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 28 Configuring Twice NAT
• The mapped IP address pool cannot include:
  – The mapped interface IP address. If you specify --Any-- interface for the rule, then all interface IP addresses are disallowed. For interface PAT (routed mode only), use the interface name instead of the IP address.
  – (Transparent mode) The management IP address.
  – (Dynamic NAT) The standby interface IP address when VPN is enabled.
  – Existing VPN pool addresses.
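The following pre-change check applies the mapped-pool restrictions listed above to a planned pool before the rule is entered in ASDM. It is an added example, not part of the Cisco guide or of any Cisco tool; the function names, the "any" keyword standing in for --Any--, and all addresses are constructed for illustration, and the caller is assumed to supply the relevant standby addresses.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not from the guide.
SAMPLE_INTERFACES = {"outside": "203.0.113.1", "inside": "192.0.2.1"}

def expand(spec):
    """Parse 'addr', 'first-last' or CIDR into a list of ip_network objects."""
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(spec.strip(), strict=False)]

def overlaps(pool_nets, spec):
    """True if any address described by spec falls inside the mapped pool."""
    return any(p.overlaps(n) for p in pool_nets for n in expand(spec))

def check_mapped_pool(pool, mapped_if, interfaces, *, mgmt_ip=None,
                      transparent=False, dynamic_nat=False,
                      vpn_enabled=False, standby_ips=(), vpn_pools=()):
    """Return the list of restrictions the planned mapped pool violates.

    interfaces: {interface name: IP}; mapped_if: an interface name or "any".
    """
    nets = expand(pool)
    problems = []
    # "any" disallows every interface IP; otherwise only the mapped interface's.
    names = list(interfaces) if mapped_if == "any" else [mapped_if]
    for name in names:
        if overlaps(nets, interfaces[name]):
            problems.append(f"interface {name} IP {interfaces[name]}")
    # Management IP is only excluded in transparent mode.
    if transparent and mgmt_ip and overlaps(nets, mgmt_ip):
        problems.append(f"management IP {mgmt_ip}")
    # Standby interface IPs are only excluded for dynamic NAT with VPN enabled.
    if dynamic_nat and vpn_enabled:
        for ip in standby_ips:
            if overlaps(nets, ip):
                problems.append(f"standby IP {ip}")
    # Existing VPN pools are always excluded.
    for vp in vpn_pools:
        if overlaps(nets, vp):
            problems.append(f"VPN pool {vp}")
    return problems

if __name__ == "__main__":
    for issue in check_mapped_pool("203.0.113.1-203.0.113.20", "outside",
                                   SAMPLE_INTERFACES, dynamic_nat=True,
                                   vpn_enabled=True, standby_ips=["203.0.113.2"],
                                   vpn_pools=["203.0.113.16/28"]):
        print("mapped pool overlaps", issue)
```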
Configuring Twice NAT
This section describes how to configure twice NAT to create rules for dynamic NAT, dynamic PAT, static
NAT, static NAT with port translation, and identity NAT. This section includes the following topics:
• Configuring Dynamic NAT, page 28-3
• Configuring Dynamic PAT (Hide), page 28-7
• Configuring Static NAT or Static NAT with Port Translation, page 28-11
• Configuring Identity NAT, page 28-15
Configuring Dynamic NAT
This section describes how to configure a dynamic NAT rule using twice NAT. For more information
about dynamic NAT, see the “Dynamic NAT” section on page 26-8.
Detailed Steps
To configure dynamic NAT, perform the following steps:
Step 1 Choose Configuration > Firewall > NAT Rules, and then click Add.
If you want to add this rule to section 3 after the network object rules, then click the down arrow next to
Add, and choose Add NAT Rule After Network Object NAT Rules.
Figure 28-1 Adding a NAT Rule
The Add NAT Rule dialog box appears.