4-44
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 4 Network Address Translation (NAT)
History for NAT
Feature Name: Automatic NAT rules to translate a VPN peer’s local IP address back to the peer’s real IP address
Platform Releases: 8.4(3)
Description:
In rare situations, you might want to use a VPN peer’s real IP address on the inside network instead of an assigned local IP address. Normally with VPN, the peer is given an assigned local IP address to access the inside network. However, you might want to translate the local IP address back to the peer’s real public IP address if, for example, your inside servers and network security are based on the peer’s real IP address.
You can enable this feature on one interface per tunnel group. Object NAT rules are dynamically added and deleted when the VPN session is established or disconnected. You can view the rules using the show nat command.
Because of routing issues, we do not recommend using this feature unless you know you need it; contact Cisco TAC to confirm feature compatibility with your network. See the following limitations:
• Only supports Cisco IPsec and AnyConnect Client.
• Return traffic to the public IP addresses must be routed back to the ASA so the NAT policy and VPN policy can be applied.
• Does not support load-balancing (because of routing issues).
• Does not support roaming (public IP changing).
We introduced the following command: nat-assigned-to-public-ip interface (tunnel-group general-attributes configuration mode).

Feature Name: NAT support for IPv6
Platform Releases: 9.0(1)
Description:
NAT now supports IPv6 traffic, as well as translating between IPv4 and IPv6. Translating between IPv4 and IPv6 is not supported in transparent mode.
We modified the following commands: nat (global and object network configuration modes), show nat, show nat pool, show xlate.

Feature Name: NAT support for reverse DNS lookups
Platform Releases: 9.0(1)
Description:
NAT now supports translation of the DNS PTR record for reverse DNS lookups when using IPv4 NAT, IPv6 NAT, and NAT64 with DNS inspection enabled for the NAT rule.
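The following Python check is an added example, not part of the Cisco guide: it scans a saved running-config for tunnel groups that enable nat-assigned-to-public-ip and flags the load-balancing limitation listed above, plus an interface name that is not defined in the same config. The config excerpt, the tunnel-group and pool names, and the audit function are constructed for illustration; treating `vpn load-balancing` with `participate` as the sign of load balancing and `nameif` as the source of interface names is an assumption about the config being reviewed.

```python
import re

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 nameif inside
!
tunnel-group RA-STAFF type remote-access
tunnel-group RA-STAFF general-attributes
 address-pool STAFF-POOL
 nat-assigned-to-public-ip inside
tunnel-group RA-VENDOR general-attributes
 address-pool VENDOR-POOL
!
vpn load-balancing
 participate
"""

def audit(config):
    """Find tunnel groups using nat-assigned-to-public-ip and flag conflicts."""
    enabled, nameifs, balancing, section = {}, set(), False, None
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):            # a new top-level stanza begins
            m = re.fullmatch(r"tunnel-group (\S+) general-attributes", line.strip())
            if m:
                section = ("tg", m.group(1))
            elif words == ["vpn", "load-balancing"]:
                section = ("lb", None)
            else:
                section = None
            continue
        if len(words) == 2 and words[0] == "nameif":
            nameifs.add(words[1])
        elif section and section[0] == "tg" and len(words) == 2 \
                and words[0] == "nat-assigned-to-public-ip":
            enabled[section[1]] = words[1]      # feature is set per tunnel group
        elif section and section[0] == "lb" and words == ["participate"]:
            balancing = True
    findings = []
    for group, ifname in sorted(enabled.items()):
        if ifname not in nameifs:
            findings.append(f"{group}: interface '{ifname}' has no nameif in this config")
        if balancing:                           # limitation: load-balancing unsupported
            findings.append(f"{group}: feature enabled while vpn load-balancing participates")
    return {"enabled": enabled, "findings": findings}

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG)["findings"]:
        print("CHECK:", finding)
```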