1-25
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Network Object NAT
Configuration Examples for Network Object NAT
DNS Server and FTP Server on Mapped Interface, FTP Server is
Translated (Static NAT with DNS Modification)
Figure 1-6 shows an FTP server and DNS server on the outside. The ASA has a static translation for the
outside server. In this case, when an inside user requests the address for ftp.cisco.com from the DNS
server, the DNS server responds with the real address, 209.165.201.10. Because you want inside users
to use the mapped address for ftp.cisco.com (10.1.2.56) you need to configure DNS reply modification
for the static translation.
Figure 1-6 DNS Reply Modification Using Outside NAT
Step 1 Create a network object for the FTP server address:
hostname(config)# object network FTP_SERVER
Step 2 Define the FTP server address, and configure static NAT with DNS modification:
hostname(config-network-object)# host 209.165.201.10
hostname(config-network-object)# nat (outside,inside) static 10.1.2.56 dns
ftp.cisco.com
209.165.201.10
DNS Server
Outside
Inside
User
10.1.2.27
Static Translation on Inside to:
10.1.2.56
130022
1
2
7
6
5
4
3
DNS Query
ftp.cisco.com?
DNS Reply
209.165.201.10
DNS Reply Modification
209.165.201.10 10.1.2.56
DNS Reply
10.1.2.56
FTP Request
209.165.201.10
Dest Addr. Translation
209.165.201.1010.1.2.56
FTP Request
10.1.2.56
Security
Appliance
To Next Page
Loading...
Need help?
General
