EasyManuals Logo

Cisco ASA 5512-X Cli Configuration Guide

Cisco ASA 5512-X
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #788 background imageLoading...
Page #788 background image
1-8
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Network Object NAT
Configuring Network Object NAT
If you enable extended PAT for a dynamic PAT rule, then you cannot also use an address in the PAT
pool as the PAT address in a separate static NAT-with-port-translation rule. For example, if the PAT
pool includes 10.1.1.1, then you cannot create a static NAT-with-port-translation rule using 10.1.1.1
as the PAT address.
If you use a PAT pool and specify an interface for fallback, you cannot specify extended PAT.
For VoIP deployments that use ICE or TURN, do not use extended PAT. ICE and TURN rely on the
PAT binding to be the same for all destinations.
For round robin for a PAT pool:
If a host has an existing connection, then subsequent connections from that host will use the same
PAT IP address if ports are available. Note: This “stickiness” does not survive a failover. If the ASA
fails over, then subsequent connections from a host may not use the initial IP address.
Round robin, especially when combined with extended PAT, can consume a large amount of
memory. Because NAT pools are created for every mapped protocol/IP address/port range, round
robin results in a large number of concurrent NAT pools, which use memory. Extended PAT results
in an even larger number of concurrent NAT pools.
Detailed Steps
Command Purpose
Step 1
(Optional) Create a network object or group for
the mapped addresses.
See the Adding Network Objects for Mapped Addresses” section
on page 1-4.
Step 2
object network obj_name
Example:
hostname(config)# object network
my-host-obj1
Configures a network object for which you want to configure
NAT, or enters object network configuration mode for an existing
network object.
Step 3
{host ip_address | subnet subnet_address
netmask | range ip_address_1 ip_address_2}
Example:
hostname(config-network-object)# range
10.1.1.1 10.1.1.90
If you are creating a new network object, defines the real IP
address(es) (either IPv4 or IPv6) that you want to translate.

Table of Contents

Other manuals for Cisco ASA 5512-X

Preview: Quick Start Guide
Quick Start Guide14 pages
Preview: Configuration Guide
Configuration Guide428 pages
Preview: Hardware Installation Guide
Hardware Installation Guide74 pages
Preview: Software Guide
Software Guide37 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA 5512-X and is the answer not in the manual?

Cisco ASA 5512-X Specifications

General IconGeneral
Firewall Throughput1.2 Gbps
VPN Throughput200 Mbps
Maximum VPN Peers250
Integrated IPSYes
IPS Throughput250 Mbps
RAM4 GB
Power SupplyAC, 100-240V
Security Contexts2 (Standard), 50 (with Security Contexts license)
Interfaces6 x Gigabit Ethernet
Dimensions (H x W x D)1.75 x 17.5 x 14.5 inches
Weight16 lbs

Related product manuals