Cisco ASA 5505 User Manual

Page 632

31-26

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 31 Configuring Twice NAT

Configuration Examples for Twice NAT

hostname(config-network-object)# host 209.165.202.130

Step 7

Configure the second twice NAT rule:

hostname(config)# nat (inside,dmz) source dynamic myInsideNetwork PATaddress2 destination

static DMZnetwork2 DMZnetwork2

Different Translation Depending on the Destination Address and Port (Dynamic
PAT)

Figure 31-2

shows the use of source and destination ports. The host on the 10.1.2.0/24 network accesses

a single host for both web services and Telnet services. When the host accesses the server for Telnet
services, the real address is translated to 209.165.202.129:port. When the host accesses the same server
for web services, the real address is translated to 209.165.202.130:port.

Figure 31-2

Twice NAT with Different Destination Ports

Step 1

Add a network object for the inside network:

hostname(config)# object network myInsideNetwork

hostname(config-network-object)# subnet 10.1.2.0 255.255.255.0

Step 2

Add a network object for the Telnet/Web server:

hostname(config)# object network TelnetWebServer

hostname(config-network-object)# host 209.165.201.11

Step 3

Add a network object for the PAT address when using Telnet:

hostname(config)# object network PATaddress1

Web and Telnet server:

209.165.201.11

Internet

Inside

Translation

209.165.202.129

10.1.2.27:80

10.1.2.27

10.1.2.0/24

Translation

209.165.202.130

10.1.2.27:23

Web Packet

Dest. Address:

209.165.201.11:80

Telnet Packet

Dest. Address:

209.165.201.11:23

130040

This manual is related to the following products:

ASA 5585-X ASA 5555-X ASA 5545-X ASA 5525-X ASA 5515-X ASA 5512-X ASA 5580 ASA 5550 ASA 5540 ASA 5520 ASA 5510 ASA 5500 Series