Cisco ASA Series Firewall CLI Configuration Guide
CHAPTER 9
Network Address Translation (NAT)
The following topics explain Network Address Translation (NAT) and how to configure it.
• Why Use NAT?
• NAT Basics
• Guidelines for NAT
• Dynamic NAT
• Dynamic PAT
• Static NAT
• Identity NAT
• Monitoring NAT
• History for NAT
Why Use NAT?
Each computer and device within an IP network is assigned a unique IP address that identifies the host.
Because of a shortage of public IPv4 addresses, most of these IP addresses are private, not routable
anywhere outside of the private company network. RFC 1918 defines the private IP addresses you can
use internally that should not be advertised:
• 10.0.0.0 through 10.255.255.255
• 172.16.0.0 through 172.31.255.255
• 192.168.0.0 through 192.168.255.255
One of the main functions of NAT is to enable private IP networks to connect to the Internet. NAT
replaces a private IP address with a public IP address, translating the private addresses in the internal
private network into legal, routable addresses that can be used on the public Internet. In this way, NAT
conserves public addresses, because it can be configured to advertise as few as one public address
for the entire network to the outside world.
Other functions of NAT include:
• Security—Keeping internal IP addresses hidden discourages direct attacks.
• IP routing solutions—Overlapping IP addresses are not a problem when you use NAT.