1-30
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Twice NAT
Feature History for Twice NAT
Automatic NAT rules to translate a VPN peer’s
local IP address back to the peer’s real IP
address
8.4(3)
In rare situations, you might want to use a VPN peer’s real
IP address on the inside network instead of an assigned local
IP address. Normally with VPN, the peer is given an
assigned local IP address to access the inside network.
However, you might want to translate the local IP address
back to the peer’s real public IP address if, for example,
your inside servers and network security is based on the
peer’s real IP address.
You can enable this feature on one interface per tunnel
group. Object NAT rules are dynamically added and deleted
when the VPN session is established or disconnected. You
can view the rules using the
show nat
command.
Note
Because of routing issues, we do not recommend
using this feature unless you know you need this
feature; contact Cisco TAC to confirm feature
compatibility with your network. See the following
limitations:
•
Only supports Cisco IPsec and AnyConnect Client.
•
Return traffic to the public IP addresses must be
routed back to the ASA so the NAT policy and VPN
policy can be applied.
•
Does not support load-balancing (because of
routing issues).
•
Does not support roaming (public IP changing).
We introduced the following command:
nat-assigned-to-public-ip
interface
(tunnel-group
general-attributes configuration mode).
NAT support for IPv6
9.0(1)
NAT now supports IPv6 traffic, as well as translating
between IPv4 and IPv6. Translating between IPv4 and IPv6
is not supported in transparent mode.
We modified the following commands:
nat
(global
configuration mode),
show nat
,
show nat pool
,
show xlate
.
Table 1-1
Feature History for Twice NAT (continued)
Feature Name
Platform
Releases
Feature Information
Summary of Contents for 5505 - ASA Firewall Edition Bundle
Page 28: ...Glossary GL 24 Cisco ASA Series CLI Configuration Guide ...
Page 61: ...P A R T 1 Getting Started with the ASA ...
Page 62: ......
Page 219: ...P A R T 2 Configuring High Availability and Scalability ...
Page 220: ......
Page 403: ...P A R T 2 Configuring Interfaces ...
Page 404: ......
Page 499: ...P A R T 2 Configuring Basic Settings ...
Page 500: ......
Page 533: ...P A R T 2 Configuring Objects and Access Lists ...
Page 534: ......
Page 601: ...P A R T 2 Configuring IP Routing ...
Page 602: ......
Page 745: ...P A R T 2 Configuring Network Address Translation ...
Page 746: ......
Page 845: ...P A R T 2 Configuring AAA Servers and the Local Database ...
Page 846: ......
Page 981: ...P A R T 2 Configuring Access Control ...
Page 982: ......
Page 1061: ...P A R T 2 Configuring Service Policies Using the Modular Policy Framework ...
Page 1062: ......
Page 1093: ...P A R T 2 Configuring Application Inspection ...
Page 1094: ......
Page 1191: ...P A R T 2 Configuring Unified Communications ...
Page 1192: ......
Page 1333: ...P A R T 2 Configuring Connection Settings and QoS ...
Page 1334: ......
Page 1379: ...P A R T 2 Configuring Advanced Network Protection ...
Page 1380: ......
Page 1475: ...P A R T 2 Configuring Modules ...
Page 1476: ......
Page 1549: ...P A R T 2 Configuring VPN ...
Page 1550: ......
Page 1965: ...P A R T 2 Configuring Logging SNMP and Smart Call Home ...
Page 1966: ......
Page 2059: ...P A R T 2 System Administration ...
Page 2060: ......
Page 2098: ...1 8 Cisco ASA Series CLI Configuration Guide Chapter 1 Troubleshooting Viewing the Coredump ...
Page 2099: ...P A R T 2 Reference ...
Page 2100: ......