Home > Cisco > Computer Equipment > Cisco Asdm 7 User Guide

Cisco Asdm 7 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Asdm 7 User Guide. The Cisco manuals for Computer Equipment are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 101

    Page 101 4-15 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuring Network Object NAT Step 9Click OK, and then Apply. Because static rules are bidirectional (allowing initiation to and from the real host), the NAT Rules table show two rows for each static rule, one for each direction. Configuring Identity NAT This section describes how to configure an identity NAT rule using network object NAT. For more information, see the... 
     
4-15
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 4      Configuring Network Object NAT (ASA 8.3 and Later)
  Configuring Network Object NAT
Step 9Click OK, and then Apply.
Because static rules are bidirectional (allowing initiation to and from the real host), the NAT Rules table 
show two rows for each static rule, one for each direction.
Configuring Identity NAT
This section describes how to configure an identity NAT rule using network object NAT. For more 
information, see the...

    Page 102

    Page 102 4-16 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuring Network Object NAT c.IP Address—An IPv4 or IPv6 address. If you select Range as the object type, the IP Address field changes to allow you to enter a Start Address and an End address. d.Netmask/Prefix Length—Enter the subnet mask or prefix length. e.Description—(Optional) The description of the network object (up to 200 characters in length). Step 3If the NAT... 
     
4-16
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 4      Configuring Network Object NAT (ASA 8.3 and Later)
  Configuring Network Object NAT
c.IP Address—An IPv4 or IPv6 address. If you select Range as the object type, the IP Address field 
changes to allow you to enter a Start Address and an End address.
d.Netmask/Prefix Length—Enter the subnet mask or prefix length.
e.Description—(Optional) The description of the network object (up to 200 characters in length).
Step 3If the NAT...

    Page 103

    Page 103 4-17 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuring Network Object NAT Step 6In the Translated Addr. field, do one of the following: Type the same IP address that you used for the real address. Click the browse button, and choose a network object with a matching IP address definition from the Browse Translated Addr dialog box. Click the browse button, and create a new network object with a matching IP address... 
     
4-17
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 4      Configuring Network Object NAT (ASA 8.3 and Later)
  Configuring Network Object NAT
Step 6In the Translated Addr. field, do one of the following:
Type the same IP address that you used for the real address.
Click the browse button, and choose a network object with a matching IP address definition from 
the Browse Translated Addr dialog box.
Click the browse button, and create a new network object with a matching IP address...

    Page 104

    Page 104 4-18 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuring Network Object NAT Configuring Per-Session PAT Rules By default, all TCP PAT traffic and all UDP DNS traffic uses per-session PAT. To use multi-session PAT for traffic, you can configure per-session PAT rules: a permit rule uses per-session PAT, and a deny rule uses multi-session PAT. For more information about per-session vs. multi-session PAT, see the... 
     
4-18
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 4      Configuring Network Object NAT (ASA 8.3 and Later)
  Configuring Network Object NAT
Configuring Per-Session PAT Rules
By default, all TCP PAT traffic and all UDP DNS traffic uses per-session PAT. To use multi-session PAT 
for traffic, you can configure per-session PAT rules: a permit rule uses per-session PAT, and a deny rule 
uses multi-session PAT. For more information about per-session vs. multi-session PAT, see the...

    Page 105

    Page 105 4-19 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Monitoring Network Object NAT A permit rule uses per-session PAT; a deny rule uses multi-session PAT. Step 3Specify the Source Address either by typing an address or clicking the ... button to choose an object. Step 4Specify the Source Service, UDP or TCP. You can optionally specify a source port, although normally you only specify the destination port. Either type in UDP/port... 
     
4-19
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 4      Configuring Network Object NAT (ASA 8.3 and Later)
  Monitoring Network Object NAT
A permit rule uses per-session PAT; a deny rule uses multi-session PAT.
Step 3Specify the Source Address either by typing an address or clicking the ... button to choose an object.
Step 4Specify the Source Service, UDP or TCP. You can optionally specify a source port, although normally 
you only specify the destination port. Either type in UDP/port...

    Page 106

    Page 106 4-20 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuration Examples for Network Object NAT The Monitoring > Properties > Connection Graphs > Perfmon pane lets you view the performance information in a graphical format. You can choose up to four types of statistics to show in one graph window. You can open multiple graph windows at the same time. Fields Available Graphs—Lists the components you can graph. –AAA... 
     
4-20
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 4      Configuring Network Object NAT (ASA 8.3 and Later)
  Configuration Examples for Network Object NAT
The Monitoring > Properties > Connection Graphs > Perfmon pane lets you view the performance 
information in a graphical format. You can choose up to four types of statistics to show in one graph 
window. You can open multiple graph windows at the same time.
Fields
Available Graphs—Lists the components you can graph.
–AAA...

    Page 107

    Page 107 4-21 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuration Examples for Network Object NAT Providing Access to an Inside Web Server (Static NAT) The following example performs static NAT for an inside web server. The real address is on a private network, so a public address is required. Static NAT is necessary so hosts can initiate traffic to the web server at a fixed address. (See Figure 4-1). Figure 4-1 Static NAT for... 
     
4-21
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 4      Configuring Network Object NAT (ASA 8.3 and Later)
  Configuration Examples for Network Object NAT
Providing Access to an Inside Web Server (Static NAT)
The following example performs static NAT for an inside web server. The real address is on a private 
network, so a public address is required. Static NAT is necessary so hosts can initiate traffic to the web 
server at a fixed address. (See Figure 4-1).
Figure 4-1 Static NAT for...

    Page 108

    Page 108 4-22 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuration Examples for Network Object NAT Step 3Configure static NAT for the object: Step 4Configure the real and mapped interfaces by clicking Advanced: 
     
4-22
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 4      Configuring Network Object NAT (ASA 8.3 and Later)
  Configuration Examples for Network Object NAT
Step 3Configure static NAT for the object:
Step 4Configure the real and mapped interfaces by clicking Advanced:

    Page 109

    Page 109 4-23 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuration Examples for Network Object NAT Step 5Click OK to return to the Edit Network Object dialog box, click OK again, and then click Apply. NAT for Inside Hosts (Dynamic NAT) and NAT for an Outside Web Server (Static NAT) The following example configures dynamic NAT for inside users on a private network when they access the outside. Also, when inside users connect to... 
     
4-23
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 4      Configuring Network Object NAT (ASA 8.3 and Later)
  Configuration Examples for Network Object NAT
Step 5Click OK to return to the Edit Network Object dialog box, click OK again, and then click Apply.
NAT for Inside Hosts (Dynamic NAT) and NAT for an Outside Web Server 
(Static NAT)
The following example configures dynamic NAT for inside users on a private network when they access 
the outside. Also, when inside users connect to...

    Page 110

    Page 110 4-24 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuration Examples for Network Object NAT Figure 4-2 Dynamic NAT for Inside, Static NAT for Outside Web Server Step 1Create a network object for the inside network: Step 2Define the addresses for the inside network: Outside Inside10.1.2.1 209.165.201.1 Security Appliance myInsNet 10.1.2.0/24 Web Server 209.165.201.12 209.165.201.1210.1.2.20 248773 Undo Translation... 
     
4-24
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 4      Configuring Network Object NAT (ASA 8.3 and Later)
  Configuration Examples for Network Object NAT
Figure 4-2 Dynamic NAT for Inside, Static NAT for Outside Web Server
Step 1Create a network object for the inside network:
Step 2Define the addresses for the inside network:
Outside
Inside10.1.2.1 209.165.201.1
Security
Appliance
myInsNet
10.1.2.0/24 Web Server
209.165.201.12
209.165.201.1210.1.2.20
248773
Undo Translation...
    Start reading Cisco Asdm 7 User Guide
    All Cisco manuals