10-6
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 10 NAT Examples and Reference
Examples for Twice NAT
hostname(config)#
object network SMTP_SERVER
hostname(config-network-object)#
host 10.1.2.29
hostname(config-network-object)#
nat (inside,outside) static 209.165.201.3 service tcp
smtp smtp
Examples for Twice NAT
This section includes the following configuration examples:
•
Different Translation Depending on the Destination (Dynamic Twice PAT), page 10-6
•
Different Translation Depending on the Destination Address and Port (Dynamic PAT), page 10-7
•
Example: Twice NAT with Destination Address Translation, page 10-9
Different Translation Depending on the Destination (Dynamic Twice PAT)
The following figure shows a host on the 10.1.2.0/24 network accessing two different servers. When the
host accesses the server at 209.165.201.11, the real address is translated to 209.165.202.129:
port
. When
the host accesses the server at 209.165.200.225, the real address is translated to 209.165.202.130:
port
.
Figure 10-5
Twice NAT with Different Destination Addresses
Procedure
Step 1
Add a network object for the inside network:
S
erver 1
209.165.201.11
S
erver 2
209.165.200.225
DMZ
In
s
ide
10.1.2.27
10.1.2.0/24
130039
209.165.201.0/27
209.165.200.224/27
Tr
a
n
s
l
a
tion
209.165.202.129
10.1.2.27
Tr
a
n
s
l
a
tion
209.165.202.130
10.1.2.27
P
a
cket
De
s
t. Addre
ss
:
209.165.201.11
P
a
cket
De
s
t. Addre
ss
:
209.165.200.225
Summary of Contents for ASA 5508-X
Page 11: ...P A R T 1 Access Control ...
Page 12: ......
Page 157: ...P A R T 2 Network Address Translation ...
Page 158: ......
Page 233: ...P A R T 3 Service Policies and Application Inspection ...
Page 234: ......
Page 379: ...P A R T 4 Connection Management and Threat Detection ...
Page 380: ......