Cisco ASA 5505 User Manual
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 31 Configuring Twice NAT
Configuring Twice NAT
Configuring Static NAT or Static NAT-with-Port-Translation
This section describes how to configure a static NAT rule using twice NAT. For more information about static NAT, see the “Static NAT” section on page 29-3.
Detailed Steps
Step 1
Command:
Network object:
object network obj_name {host ip_address | subnet subnet_address netmask | range ip_address_1 ip_address_2}
Network object group:
object-group network grp_name {network-object {object net_obj_name | subnet_address netmask | host ip_address} | group-object grp_obj_name}
Example:
hostname(config)# object network MyInsNet
hostname(config-network-object)# subnet 10.1.1.0 255.255.255.0
Purpose:
Configure the real source addresses.
You can configure either a network object or a network object
group. For more information, see the
.
Step 2
Command:
Network object:
object network obj_name {host ip_address | subnet subnet_address netmask | range ip_address_1 ip_address_2}
Network object group:
object-group network grp_name {network-object {object net_obj_name | subnet_address netmask | host ip_address} | group-object grp_obj_name}
Example:
hostname(config)# object network MyInsNet_mapped
hostname(config-network-object)# subnet 192.168.1.0 255.255.255.0
Purpose:
Configure the mapped source addresses.
You can configure either a network object or a network object group. For static NAT, the mapping is typically one-to-one, so the real addresses have the same quantity as the mapped addresses. You can, however, have different quantities if desired. For more information, see the “Static NAT” section on page 29-3.
For static interface NAT with port translation (routed mode only), you can skip this step and specify the interface keyword instead of a network object/group for the mapped address. For more information, see the “Static Interface NAT with Port Translation”.
See the “Guidelines and Limitations” section on page 31-2 for information about disallowed mapped IP addresses.
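The quantity comparison described in Step 2, as an added example that is not part of the Cisco guide: a Python check that parses object network definitions from a saved configuration and reports whether a real/mapped pair is one-to-one. It assumes IPv4 network objects only (object groups are not handled); the DmzHosts objects and the function names are hypothetical.

```python
import ipaddress

# Constructed sample config; MyInsNet/MyInsNet_mapped come from the examples
# above, the DmzHosts objects are hypothetical.
SAMPLE_CONFIG = """\
object network MyInsNet
 subnet 10.1.1.0 255.255.255.0
object network MyInsNet_mapped
 subnet 192.168.1.0 255.255.255.0
object network DmzHosts
 range 10.2.2.10 10.2.2.20
object network DmzHosts_mapped
 subnet 192.168.2.0 255.255.255.248
"""

def parse_network_objects(config):
    """Return {object name: number of IPv4 addresses it defines}."""
    counts, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[:2] == ["object", "network"] and len(words) == 3:
            current = words[2]
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the object stanza
        elif current and words[0] == "host" and len(words) == 2:
            ipaddress.IPv4Address(words[1])  # raises ValueError if malformed
            counts[current] = 1
        elif current and words[0] == "subnet" and len(words) == 3:
            net = ipaddress.IPv4Network(f"{words[1]}/{words[2]}")
            counts[current] = net.num_addresses
        elif current and words[0] == "range" and len(words) == 3:
            first, last = (int(ipaddress.IPv4Address(w)) for w in words[1:])
            if last < first:
                raise ValueError(f"{current}: range end precedes start")
            counts[current] = last - first + 1
    return counts

def compare_pair(counts, real, mapped):
    """Classify a real/mapped object pair by address quantity."""
    r, m = counts[real], counts[mapped]
    if r == m:
        return "one-to-one"
    return f"review: {r} real vs {m} mapped addresses"

if __name__ == "__main__":
    counts = parse_network_objects(SAMPLE_CONFIG)
    for real in ("MyInsNet", "DmzHosts"):
        print(real, "->", compare_pair(counts, real, real + "_mapped"))
```

A pair flagged for review is not necessarily wrong, since the guide allows different quantities; the check only surfaces pairs where the mismatch should be intentional.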