1-22
Cisco ASA Series CLI Configuration Guide
Chapter 1 Information About NAT
NAT for VPN
Determining the Egress Interface
When the ASA receives traffic for a mapped address, the ASA unstranslates the destination address
according to the NAT rule, and then it sends the packet on to the real address. The ASA determines the
egress interface for the packet in the following ways:
•
Transparent mode—The ASA determines the egress interface for the real address by using the NAT
rule; you must specify the source and destination interfaces as part of the NAT rule.
•
Routed mode—The ASA determines the egress interface in one of the following ways:
–
You configure the interface in the NAT rule—The ASA uses the NAT rule to determine the
egress interface. However, you have the option to always use a route lookup instead. In certain
scenarios, a route lookup override is required; for example, see the
.
–
You do not configure the interface in the NAT rule—The ASA uses a route lookup to determine
the egress interface.
shows the egress interface selection method in routed mode. In almost all cases, a route
lookup is equivalent to the NAT rule interface, but in some configurations, the two methods might differ.
Figure 1-16
Routed Mode Egress Interface Selection
NAT for VPN
•
NAT and Remote Access VPN, page 1-23
•
NAT and Site-to-Site VPN, page 1-24
•
NAT and VPN Management Access, page 1-26
•
Troubleshooting NAT and VPN, page 1-28
Real: 10.1.1.78
Mapped: 209.165.201.08
Inside
Untranslation
Packet
Eng
Dest. 209.165.201.08
10.1.1.78
209.165.201.08
to
NAT rule specifies interface?
NAT rule specifies route lookup?
No
Yes
Yes
No
Send packet out Inside interface.
Where to send 10.1.1.78?
Outside
Look up 10.1.1.78 in routing table.
370049
Summary of Contents for 5505 - ASA Firewall Edition Bundle
Page 28: ...Glossary GL 24 Cisco ASA Series CLI Configuration Guide ...
Page 61: ...P A R T 1 Getting Started with the ASA ...
Page 62: ......
Page 219: ...P A R T 2 Configuring High Availability and Scalability ...
Page 220: ......
Page 403: ...P A R T 2 Configuring Interfaces ...
Page 404: ......
Page 499: ...P A R T 2 Configuring Basic Settings ...
Page 500: ......
Page 533: ...P A R T 2 Configuring Objects and Access Lists ...
Page 534: ......
Page 601: ...P A R T 2 Configuring IP Routing ...
Page 602: ......
Page 745: ...P A R T 2 Configuring Network Address Translation ...
Page 746: ......
Page 845: ...P A R T 2 Configuring AAA Servers and the Local Database ...
Page 846: ......
Page 981: ...P A R T 2 Configuring Access Control ...
Page 982: ......
Page 1061: ...P A R T 2 Configuring Service Policies Using the Modular Policy Framework ...
Page 1062: ......
Page 1093: ...P A R T 2 Configuring Application Inspection ...
Page 1094: ......
Page 1191: ...P A R T 2 Configuring Unified Communications ...
Page 1192: ......
Page 1333: ...P A R T 2 Configuring Connection Settings and QoS ...
Page 1334: ......
Page 1379: ...P A R T 2 Configuring Advanced Network Protection ...
Page 1380: ......
Page 1475: ...P A R T 2 Configuring Modules ...
Page 1476: ......
Page 1549: ...P A R T 2 Configuring VPN ...
Page 1550: ......
Page 1965: ...P A R T 2 Configuring Logging SNMP and Smart Call Home ...
Page 1966: ......
Page 2059: ...P A R T 2 System Administration ...
Page 2060: ......
Page 2098: ...1 8 Cisco ASA Series CLI Configuration Guide Chapter 1 Troubleshooting Viewing the Coredump ...
Page 2099: ...P A R T 2 Reference ...
Page 2100: ......