10-6
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 10 NAT Examples and Reference
Examples for Twice NAT
hostname(config)# object network SMTP_SERVER
hostname(config-network-object)# host 10.1.2.29
hostname(config-network-object)# nat (inside,outside) static 209.165.201.3 service tcp
smtp smtp
Examples for Twice NAT
This section includes the following configuration examples:
• Different Translation Depending on the Destination (Dynamic Twice PAT), page 10-6
• Different Translation Depending on the Destination Address and Port (Dynamic PAT), page 10-7
• Example: Twice NAT with Destination Address Translation, page 10-9
Different Translation Depending on the Destination (Dynamic Twice PAT)
The following figure shows a host on the 10.1.2.0/24 network accessing two different servers. When the
host accesses the server at 209.165.201.11, the real address is translated to 209.165.202.129:port. When
the host accesses the server at 209.165.200.225, the real address is translated to 209.165.202.130:port.
Figure 10-5 Twice NAT with Different Destination Addresses
Procedure
Step 1 Add a network object for the inside network:
Server 1
209.165.201.11
Server 2
209.165.200.225
DMZ
Inside
10.1.2.27
10.1.2.0/24
130039
209.165.201.0/27 209.165.200.224/27
Translation
209.165.202.12910.1.2.27
Translation
209.165.202.13010.1.2.27
Packet
Dest. Address:
209.165.201.11
Packet
Dest. Address:
209.165.200.225
To Next Page
Loading...
