28-6
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 28 Configuring Twice NAT
If you want to translate the destination address, then the static mapping is typically one-to-one, so 
the real addresses have the same quantity as the mapped addresses. You can, however, have different 
quantities if desired. For more information, see the “Static NAT” section on page 26-3. See the 
“Guidelines and Limitations” section on page 28-2 for information about disallowed mapped IP 
addresses.
For static interface NAT with port translation only, choose an interface. If you specify an interface, 
be sure to also configure a service translation. For this option, you must configure a specific 
interface for the Source Interface. See the “Static Interface NAT with Port Translation” section on 
page 26-5 for more information.
Figure 28-6 Browse Dialog Box
Step 7 (Optional) Identify the translated packet port (the real destination port). For the Match Criteria: 
Translated Packet > Service, click the browse button and choose an existing TCP or UDP service 
object from the Browse Translated Service dialog box.
You can also create a new service object from the Browse Translated Service dialog box and use this 
object as the mapped destination port.
Dynamic NAT does not support port translation. However, because the destination translation is always 
static, you can perform port translation for the destination port. A service object can contain both a 
source and destination port, but only the destination port is used in this case. If you specify the source 
port, it will be ignored. NAT only supports TCP or UDP. When translating a port, be sure the protocols 
in the real and mapped service objects are identical (both TCP or both UDP). For identity NAT, you can 
use the same service object for both the real and mapped ports. The “not equal” (!=) operator is not 
supported.
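The service-object rules above can be checked offline against an exported running configuration. The following is an added example, not part of the Cisco guide: it assumes the ASA 8.3+ CLI forms `object service` and `nat ... service <obj> <obj>` (the guide itself only shows the ASDM dialogs), and every object name and address in the sample is constructed.

```python
import re

# Constructed sample (not from the guide); assumes ASA 8.3+ CLI syntax.
SAMPLE = """\
object service REAL_HTTP
 service tcp destination eq 8080
object service MAPPED_HTTP
 service tcp destination eq 80
object service MAPPED_DNS
 service udp source eq 5353 destination eq 53
object service NOT_SSH
 service tcp destination neq 22
nat (inside,outside) source dynamic IN_NET interface destination static SRV_M SRV_R service MAPPED_HTTP REAL_HTTP
nat (inside,outside) source dynamic IN_NET interface destination static SRV_M SRV_R service MAPPED_DNS REAL_HTTP
nat (inside,outside) source dynamic IN_NET interface destination static SRV_M SRV_R service NOT_SSH NOT_SSH
"""

def parse_services(config):
    """Map each 'object service' name to the tokens of its 'service' line."""
    services, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"object service (\S+)", line):
            current = m.group(1)
        elif current and line.startswith(" service "):
            services[current] = line.split()[1:]
        elif not line.startswith(" "):
            current = None  # left the object block
    return services

def audit_twice_nat(config):
    """Return (line_number, message) findings for twice NAT service objects."""
    services, findings = parse_services(config), []
    for num, line in enumerate(config.splitlines(), 1):
        if not (m := re.match(r"nat .* service (\S+) (\S+)\s*$", line)):
            continue
        defs = {name: services.get(name) for name in m.groups()}
        for name, tokens in defs.items():
            if tokens is None:
                findings.append((num, f"{name}: service object not defined"))
                continue
            if tokens[0] not in ("tcp", "udp"):
                findings.append((num, f"{name}: NAT supports only TCP or UDP"))
            if "neq" in tokens:
                findings.append((num, f"{name}: 'not equal' operator is not supported"))
            if "source" in tokens:
                findings.append((num, f"{name}: source port is ignored"))
        if len({t[0] for t in defs.values() if t}) > 1:
            findings.append((num, "real and mapped service protocols differ"))
    return findings
```

Calling `audit_twice_nat(SAMPLE)` reports the ignored source port and the TCP/UDP mismatch on the second rule and the unsupported operator on the third; the check does not depend on which of the two service objects is listed first.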
Step 8 (Optional) To use the interface IP address as a backup method if the other mapped addresses are already 
allocated, check the Fall through to interface PAT check box.
The destination interface IP address is used. This option is only available if you configure a specific 
Destination Interface.
Figure 28-7 Fall Through to Interface PAT
Step 9 (Optional) Configure NAT options in the Options area.