9-27
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 9 Network Address Translation (NAT)
Static NAT
Static NAT
The following topics explain static NAT and how to implement it.
• About Static NAT, page 9-27
• Configure Static Network Object NAT or Static NAT-with-Port-Translation, page 9-32
• Configure Static Twice NAT or Static NAT-with-Port-Translation, page 9-34
About Static NAT
Static NAT creates a fixed translation of a real address to a mapped address. Because the mapped address
is the same for each consecutive connection, static NAT allows bidirectional connection initiation, both
to and from the host (if an access rule exists that allows it). With dynamic NAT and PAT, on the other
hand, each host uses a different address or port for each subsequent translation, so bidirectional initiation
is not supported.
The following figure shows a typical static NAT scenario. The translation is always active so both real
and remote hosts can initiate connections.
Figure 9-5 Static NAT
Note You can disable bidirectionality if desired.
Static NAT with Port Translation
Static NAT with port translation lets you specify a real and mapped protocol (TCP or UDP) and port.
• About Static NAT with Port Address Translation, page 9-27
• Static NAT with Identity Port Translation, page 9-28
• Static NAT with Port Translation for Non-Standard Ports, page 9-29
• Static Interface NAT with Port Translation, page 9-29
About Static NAT with Port Address Translation
When you specify the port with static NAT, you can choose to map the port and/or the IP address to the
same value or to a different value.
10.1.1.1 209.165.201.1
Inside Outside
10.1.1.2 209.165.201.2
130035
Security
Appliance
To Next Page
Loading...
Need help?
General