Home > Cisco > Computer Equipment > Cisco Asdm 7 User Guide

Cisco Asdm 7 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Asdm 7 User Guide. The Cisco manuals for Computer Equipment are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 91

    Page 91 4-5 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuring Network Object NAT Round robin, especially when combined with extended PAT, can consume a large amount of memory. Because NAT pools are created for every mapped protocol/IP address/port range, round robin results in a large number of concurrent NAT pools, which use memory. Extended PAT results in an even larger number of concurrent NAT pools. Detailed Steps Step... 
     
4-5
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 4      Configuring Network Object NAT (ASA 8.3 and Later)
  Configuring Network Object NAT
Round robin, especially when combined with extended PAT, can consume a large amount of 
memory. Because NAT pools are created for every mapped protocol/IP address/port range, round 
robin results in a large number of concurrent NAT pools, which use memory. Extended PAT results 
in an even larger number of concurrent NAT pools.
Detailed Steps
Step...

    Page 92

    Page 92 4-6 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuring Network Object NAT Step 4Check the Add Automatic Translation Rules check box. Step 5From the Type drop-down list, choose Dynamic. Choose Dynamic even if you are configuring dynamic PAT with a PAT pool. Step 6Configure either dynamic NAT, or dynamic PAT with a PAT pool: Dynamic NAT—To the right of the Translated Addr field, click the browse button and choose an... 
     
4-6
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 4      Configuring Network Object NAT (ASA 8.3 and Later)
  Configuring Network Object NAT
Step 4Check the Add Automatic Translation Rules check box. 
Step 5From the Type drop-down list, choose Dynamic. Choose Dynamic even if you are configuring dynamic 
PAT with a PAT pool.
Step 6Configure either dynamic NAT, or dynamic PAT with a PAT pool:
Dynamic NAT—To the right of the Translated Addr field, click the browse button and choose an...

    Page 93

    Page 93 4-7 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuring Network Object NAT a.Do not enter a value for the Translated Addr. field; leave it blank. b.Check the PAT Pool Translated Address check box, then click the browse button and choose an existing network object or create a new network object from the Browse Translated PAT Pool Address dialog box. NoteThe PAT pool object or group cannot contain a subnet. The group... 
     
4-7
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 4      Configuring Network Object NAT (ASA 8.3 and Later)
  Configuring Network Object NAT
a.Do not enter a value for the Translated Addr. field; leave it blank.
b.Check the PAT Pool Translated Address check box, then click the browse button and choose an 
existing network object or create a new network object from the Browse Translated PAT Pool 
Address dialog box.
NoteThe PAT pool object or group cannot contain a subnet. The group...

    Page 94

    Page 94 4-8 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuring Network Object NAT Step 8(Optional) Click Advanced, and configure the following options in the Advanced NAT Settings dialog box. Translate DNS replies for rule—Translates the IP address in DNS replies. Be sure DNS inspection is enabled (it is enabled by default). See the “DNS and NAT” section on page 3-31 for more information. (Required for Transparent Firewall... 
     
4-8
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 4      Configuring Network Object NAT (ASA 8.3 and Later)
  Configuring Network Object NAT
Step 8(Optional) Click Advanced, and configure the following options in the Advanced NAT Settings dialog 
box.
Translate DNS replies for rule—Translates the IP address in DNS replies. Be sure DNS inspection 
is enabled (it is enabled by default). See the “DNS and NAT” section on page 3-31 for more 
information.
(Required for Transparent Firewall...

    Page 95

    Page 95 4-9 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuring Network Object NAT To add NAT to an existing network object, choose Configuration > Firewall > Objects > Network Objects/Groups, and then double-click a network object. For more information, see the “Configuring a Network Object” section on page 20-3 in the general operations configuration guide. The Add/Edit Network Object dialog box appears. Step 2For a new... 
     
4-9
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 4      Configuring Network Object NAT (ASA 8.3 and Later)
  Configuring Network Object NAT
To add NAT to an existing network object, choose Configuration > Firewall > Objects > Network 
Objects/Groups, and then double-click a network object.
For more information, see the “Configuring a Network Object” section on page 20-3 in the general 
operations configuration guide.
The Add/Edit Network Object dialog box appears.
Step 2For a new...

    Page 96

    Page 96 4-10 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuring Network Object NAT Step 4Check the Add Automatic Translation Rules check box. Step 5From the Type drop-down list, choose Dynamic PAT (Hide). NoteTo configure dynamic PAT using a PAT pool instead of a single address, see the “Configuring Dynamic NAT or Dynamic PAT Using a PAT Pool” section on page 4-4. Step 6Specify a single mapped address. In the Translated Addr.... 
     
4-10
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 4      Configuring Network Object NAT (ASA 8.3 and Later)
  Configuring Network Object NAT
Step 4Check the Add Automatic Translation Rules check box. 
Step 5From the Type drop-down list, choose Dynamic PAT (Hide).
NoteTo configure dynamic PAT using a PAT pool instead of a single address, see the “Configuring 
Dynamic NAT or Dynamic PAT Using a PAT Pool” section on page 4-4.
Step 6Specify a single mapped address. In the Translated Addr....

    Page 97

    Page 97 4-11 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuring Network Object NAT NoteYou cannot specify an interface in transparent mode. Click the browse button, and choose an existing host address from the Browse Translated Addr dialog box. Click the browse button, and create a new named object from the Browse Translated Addr dialog box. Step 7(Optional) Click Advanced, and configure the following options in the Advanced... 
     
4-11
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 4      Configuring Network Object NAT (ASA 8.3 and Later)
  Configuring Network Object NAT
NoteYou cannot specify an interface in transparent mode.
Click the browse button, and choose an existing host address from the Browse Translated Addr 
dialog box.
Click the browse button, and create a new named object from the Browse Translated Addr dialog 
box.
Step 7(Optional) Click Advanced, and configure the following options in the Advanced...

    Page 98

    Page 98 4-12 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuring Network Object NAT To add a new network object, choose Configuration > Firewall > NAT Rules, then click Add > Add Network Object NAT Rule. To add NAT to an existing network object, choose Configuration > Firewall > Objects > Network Objects/Groups, and then double-click a network object. For more information, see the “Configuring a Network Object” section on page... 
     
4-12
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 4      Configuring Network Object NAT (ASA 8.3 and Later)
  Configuring Network Object NAT
To add a new network object, choose Configuration > Firewall > NAT Rules, then click Add > 
Add Network Object NAT Rule.
To add NAT to an existing network object, choose Configuration > Firewall > Objects > Network 
Objects/Groups, and then double-click a network object.
For more information, see the “Configuring a Network Object” section on page...

    Page 99

    Page 99 4-13 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuring Network Object NAT Step 4Check the Add Automatic Translation Rules check box. Step 5From the Type drop-down list, choose Static. Step 6In the Translated Addr. field, do one of the following: Type an IP address. When you type an IP address, the netmask or range for the mapped network is the same as that of the real network. For example, if the real network is a... 
     
4-13
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 4      Configuring Network Object NAT (ASA 8.3 and Later)
  Configuring Network Object NAT
Step 4Check the Add Automatic Translation Rules check box. 
Step 5From the Type drop-down list, choose Static.
Step 6In the Translated Addr. field, do one of the following:
Type an IP address.
When you type an IP address, the netmask or range for the mapped network is the same as that of 
the real network. For example, if the real network is a...

    Page 100

    Page 100 4-14 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuring Network Object NAT Click the browse button, and create a new address from the Browse Translated Addr dialog box. Typically, you configure the same number of mapped addresses as real addresses for a one-to-one mapping. You can, however, have a mismatched number of addresses. For more information, see the “Static NAT” section on page 3-3. Step 7(Optional) For NAT46,... 
     
4-14
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 4      Configuring Network Object NAT (ASA 8.3 and Later)
  Configuring Network Object NAT
Click the browse button, and create a new address from the Browse Translated Addr dialog box. 
Typically, you configure the same number of mapped addresses as real addresses for a one-to-one 
mapping. You can, however, have a mismatched number of addresses. For more information, see the 
“Static NAT” section on page 3-3.
Step 7(Optional) For NAT46,...
    Start reading Cisco Asdm 7 User Guide
    All Cisco manuals