Home > Cisco > Computer Equipment > Cisco Asdm 7 User Guide

Cisco Asdm 7 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Asdm 7 User Guide. The Cisco manuals for Computer Equipment are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 141

    Page 141 5-5 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT If you enable extended PAT for a dynamic PAT rule, then you cannot also use an address in the PAT pool as the PAT address in a separate static NAT with port translation rule. For example, if the PAT pool includes 10.1.1.1, then you cannot create a static NAT-with-port-translation rule using 10.1.1.1 as the PAT address. Extended PAT can consume a large amount of... 
     
5-5
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
If you enable extended PAT for a dynamic PAT rule, then you cannot also use an address in the PAT 
pool as the PAT address in a separate static NAT with port translation rule. For example, if the PAT 
pool includes 10.1.1.1, then you cannot create a static NAT-with-port-translation rule using 10.1.1.1 
as the PAT address.
Extended PAT can consume a large amount of...

    Page 142

    Page 142 5-6 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT Step 2Set the source and destination interfaces. By default in routed mode, both interfaces are set to --Any--. In transparent firewall mode, you must set specific interfaces. a.From the Match Criteria: Original Packet > Source Interface drop-down list, choose the source interface. b.From the Match Criteria: Original Packet > Destination Interface drop-down list,... 
     
5-6
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
Step 2Set the source and destination interfaces.
By default in routed mode, both interfaces are set to --Any--. In transparent firewall mode, you must set 
specific interfaces.
a.From the Match Criteria: Original Packet > Source Interface drop-down list, choose the source 
interface.
b.From the Match Criteria: Original Packet > Destination Interface drop-down list,...

    Page 143

    Page 143 5-7 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT a.For the Match Criteria: Original Packet > Source Address, click the browse button and choose an existing network object or group or create a new object or group from the Browse Original Source Address dialog box. The group cannot contain both IPv4 and IPv6 addresses; it must contain one type only. The default is any. b.(Optional) For the Match Criteria:... 
     
5-7
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
a.For the Match Criteria: Original Packet > Source Address, click the browse button and choose an 
existing network object or group or create a new object or group from the Browse Original Source 
Address dialog box. The group cannot contain both IPv4 and IPv6 addresses; it must contain one 
type only. The default is any. 
b.(Optional) For the Match Criteria:...

    Page 144

    Page 144 5-8 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT Step 5Choose Dynamic from the Match Criteria: Translated Packet > Source NAT Type drop-down list. This setting only applies to the source address; the destination translation is always static. Step 6Identify the translated packet addresses, either IPv4 or IPv6; namely, the packet addresses as they appear on the destination interface network (the mapped source... 
     
5-8
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
Step 5Choose Dynamic from the Match Criteria: Translated Packet > Source NAT Type drop-down list.
This setting only applies to the source address; the destination translation is always static.
Step 6Identify the translated packet addresses, either IPv4 or IPv6; namely, the packet addresses as they appear 
on the destination interface network (the mapped source...

    Page 145

    Page 145 5-9 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT NoteThe object or group cannot contain a subnet. Dynamic PAT using a PAT pool—.To configure a PAT pool, check the PAT Pool Translated Address check box, then click the browse button and choose an existing network object or group or create a new object or group from the Browse Translated PAT Pool Address dialog box. Note: Leave the Source Address field empty.... 
     
5-9
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
NoteThe object or group cannot contain a subnet.
Dynamic PAT using a PAT pool—.To configure a PAT pool, check the PAT Pool Translated 
Address check box, then click the browse button and choose an existing network object or group or 
create a new object or group from the Browse Translated PAT Pool Address dialog box. Note: Leave 
the Source Address field empty....

    Page 146

    Page 146 5-10 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT c.For the Match Criteria: Translated Packet > Destination Address, click the browse button and choose an existing network object, group, or interface or create a new object or group from the Browse Translated Destination Address dialog box. For identity NAT for the destination address, simply use the same object or group for both the real and mapped addresses. If... 
     
5-10
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
c.For the Match Criteria: Translated Packet > Destination Address, click the browse button and choose 
an existing network object, group, or interface or create a new object or group from the Browse 
Translated Destination Address dialog box.
For identity NAT for the destination address, simply use the same object or group for both the real 
and mapped addresses.
If...

    Page 147

    Page 147 5-11 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT Step 8(Optional) Configure NAT options in the Options area. a.Enable rule —Enables this NAT rule. The rule is enabled by default. b.(For a source-only rule) Translate DNS replies that match this rule—Rewrites the DNS A record in DNS replies. Be sure DNS inspection is enabled (it is enabled by default). You cannot configure DNS modification if you configure a... 
     
5-11
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
Step 8(Optional) Configure NAT options in the Options area.
a.Enable rule —Enables this NAT rule. The rule is enabled by default.
b.(For a source-only rule) Translate DNS replies that match this rule—Rewrites the DNS A record in 
DNS replies. Be sure DNS inspection is enabled (it is enabled by default). You cannot configure 
DNS modification if you configure a...

    Page 148

    Page 148 5-12 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT Configuring Dynamic PAT (Hide) This section describes how to configure twice NAT for dynamic PAT (hide). For dynamic PAT using a PAT pool, see the “Configuring Dynamic NAT or Dynamic PAT Using a PAT Pool” section on page 5-4 instead of using this section. For more information, see the “Dynamic PAT” section on page 3-10. Detailed Steps To configure dynamic PAT,... 
     
5-12
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
Configuring Dynamic PAT (Hide)
This section describes how to configure twice NAT for dynamic PAT (hide). For dynamic PAT using a 
PAT pool, see the “Configuring Dynamic NAT or Dynamic PAT Using a PAT Pool” section on page 5-4 
instead of using this section. For more information, see the “Dynamic PAT” section on page 3-10.
Detailed Steps
To configure dynamic PAT,...

    Page 149

    Page 149 5-13 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT Step 2Set the source and destination interfaces. By default in routed mode, both interfaces are set to --Any--. In transparent firewall mode, you must set specific interfaces. a.From the Match Criteria: Original Packet > Source Interface drop-down list, choose the source interface. b.From the Match Criteria: Original Packet > Destination Interface drop-down list,... 
     
5-13
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
Step 2Set the source and destination interfaces.
By default in routed mode, both interfaces are set to --Any--. In transparent firewall mode, you must set 
specific interfaces.
a.From the Match Criteria: Original Packet > Source Interface drop-down list, choose the source 
interface.
b.From the Match Criteria: Original Packet > Destination Interface drop-down list,...

    Page 150

    Page 150 5-14 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT a.For the Match Criteria: Original Packet > Source Address, click the browse button and choose an existing network object or group or create a new object or group from the Browse Original Source Address dialog box. The group cannot contain both IPv4 and IPv6 addresses; it must contain one type only. The default is any. b.(Optional) For the Match Criteria:... 
     
5-14
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
a.For the Match Criteria: Original Packet > Source Address, click the browse button and choose an 
existing network object or group or create a new object or group from the Browse Original Source 
Address dialog box. The group cannot contain both IPv4 and IPv6 addresses; it must contain one 
type only. The default is any.
b.(Optional) For the Match Criteria:...
    Start reading Cisco Asdm 7 User Guide
    All Cisco manuals