beautypg.com

Configuring dynamic nat – Cisco ASA 5505 User Manual

Page 586

background image

30-4

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 30 Configuring Network Object NAT

Configuring Network Object NAT

Configuring Dynamic NAT

This section describes how to configure network object NAT for dynamic NAT. For more information,
see the

“Dynamic NAT” section on page 29-8

.

Detailed Steps

Command

Purpose

Step 1

Network object:

object network

obj_name

range

ip_address_1 ip_address_2

Network object group:

object-group network

grp_name

{network-object {object net_obj_name |

host

ip_address} |

group-object

grp_obj_name}

Example:

hostname(config)# object network TEST

hostname(config-network-object)# range

10.1.1.1 10.1.1.70

hostname(config)# object network TEST2

hostname(config-network-object)# range

10.1.2.1 10.1.2.70

hostname(config-network-object)#

object-group network MAPPED_IPS

hostname(config-network)# network-object

object TEST

hostname(config-network)# network-object

object TEST2

hostname(config-network)# network-object

host 10.1.2.79

To specify the mapped addresses (that you want to translate to),
configure a network object or network object group. A network
object group can contain objects and/or inline addresses.

Note

The object or group cannot contain a subnet.

If a mapped network object contains both ranges and host IP
addresses, then the ranges are used for dynamic NAT, and then the
host IP addresses are used as a PAT fallback.

See the

“Guidelines and Limitations” section on page 30-2

for

information about disallowed mapped IP addresses.

For more information about configuring a network object or group,
see the

“Configuring Objects” section on page 13-3

.

Step 2

object network

obj_name

Example:

hostname(config)# object network

my-host-obj1

Configures a network object for which you want to configure NAT,
or enters object network configuration mode for an existing network
object.

Step 3

{host ip_address | subnet subnet_address

netmask | range ip_address_1 ip_address_2}

Example:

hostname(config-network-object)# subnet

10.1.1.0 255.255.255.0

If you are creating a new network object, defines the real IP
address(es) that you want to translate.

This manual is related to the following products:
See also other documents in the category Cisco Hardware: