EasyManuals Logo
Home>Cisco>Firewall>ASA 5512-X

Cisco ASA 5512-X Configuration Guide

Cisco ASA 5512-X
428 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #190 background imageLoading...
Page #190 background image
9-32
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 9 Network Address Translation (NAT)
Static NAT
The following figure shows a typical many-to-few static NAT scenario.
Figure 9-11 Many-to-Few Static NAT
Instead of using a static rule this way, we suggest that you create a one-to-one rule for the traffic that
needs bidirectional initiation, and then create a dynamic rule for the rest of your addresses.
Configure Static Network Object NAT or Static NAT-with-Port-Translation
This section describes how to configure a static NAT rule using network object NAT.
Procedure
Step 1 (Optional.) Create a network object (object network command), or a network object group
(object-group network command), for the mapped addresses.
• Instead of using an object, you can configure an inline address or specify the interface address (for
static NAT-with-port-translation).
• If you use an object, the object or group can contain a host, range, or subnet.
Step 2 Create or edit the network object for which you want to configure NAT.
object network obj_name
Example
hostname(config)# object network my-host-obj1
Step 3 (Skip when editing an object that has the right address.) Define the real IPv4 or IPv6 addresses that you
want to translate.
• host {IPv4_address | IPv6_address}—The IPv4 or IPv6 address of a single host. For example,
10.1.1.1 or 2001:DB8::0DB8:800:200C:417A.
• subnet {IPv4_address IPv4_mask | IPv6_address/IPv6_prefix}—The address of a network. For
IPv4 subnets, include the mask after a space, for example, 10.0.0.0 255.0.0.0. For IPv6, include the
address and prefix as a single unit (no spaces), such as 2001:DB8:0:CD30::/60.
• range start_address end_address—A range of addresses. You can specify IPv4 or IPv6 ranges. Do
not include masks or prefixes.
Example
hostname(config-network-object)# subnet 10.2.1.0 255.255.255.0
Step 4 Configure static NAT for the object IP addresses. You can only define a single NAT rule for a given
object.
10.1.2.27 209.165.201.3
Inside Outside
10.1.2.28 209.165.201.4
10.1.2.29
209.165.201.3
10.1.2.30
209.165.201.4
10.1.2.31
209.165.201.3
Security
Appliance
248770

Table of Contents

Other manuals for Cisco ASA 5512-X

Preview: Quick Start Guide
Quick Start Guide14 pages
Preview: Cli Configuration Guide
Cli Configuration Guide2164 pages
Preview: Hardware Installation Guide
Hardware Installation Guide74 pages
Preview: Software Guide
Software Guide37 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA 5512-X and is the answer not in the manual?

Cisco ASA 5512-X Specifications

General IconGeneral
BrandCisco
ModelASA 5512-X
CategoryFirewall
LanguageEnglish

Related product manuals