Home > Cisco > Computer Equipment > Cisco Asdm 7 User Guide

Cisco Asdm 7 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Asdm 7 User Guide. The Cisco manuals for Computer Equipment are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 151

    Page 151 5-15 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT Step 5Choose Dynamic PAT (Hide) from the Match Criteria: Translated Packet > Source NAT Type drop-down list. This setting only applies to the source address; the destination translation is always static. NoteTo configure dynamic PAT using a PAT pool, choose Dynamic instead of Dynamic PAT (Hide), see the “Configuring Dynamic NAT or Dynamic PAT Using a PAT Pool”... 
     
5-15
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
Step 5Choose Dynamic PAT (Hide) from the Match Criteria: Translated Packet > Source NAT Type 
drop-down list.
This setting only applies to the source address; the destination translation is always static.
NoteTo configure dynamic PAT using a PAT pool, choose Dynamic instead of Dynamic PAT (Hide), 
see the “Configuring Dynamic NAT or Dynamic PAT Using a PAT Pool”...

    Page 152

    Page 152 5-16 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT a.For the Match Criteria: Translated Packet > Source Address, click the browse button and choose an existing network object or interface or create a new object from the Browse Translated Source Address dialog box. If you want to use the IPv6 address of the interface, check the Use IPv6 for interface PAT check box. b.For the Match Criteria: Translated Packet >... 
     
5-16
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
a.For the Match Criteria: Translated Packet > Source Address, click the browse button and choose an 
existing network object or interface or create a new object from the Browse Translated Source 
Address dialog box. 
If you want to use the IPv6 address of the interface, check the Use IPv6 for interface PAT check 
box.
b.For the Match Criteria: Translated Packet >...

    Page 153

    Page 153 5-17 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT You can also create a new service object from the Browse Translated Service dialog box and use this object as the mapped destination port. Dynamic PAT does not support additional port translation. However, because the destination translation is always static, you can perform port translation for the destination port. A service object can contain both a source and... 
     
5-17
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
You can also create a new service object from the Browse Translated Service dialog box and use this 
object as the mapped destination port.
Dynamic PAT does not support additional port translation. However, because the destination translation 
is always static, you can perform port translation for the destination port. A service object can contain 
both a source and...

    Page 154

    Page 154 5-18 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT Step 9Click OK. Configuring Static NAT or Static NAT-with-Port-Translation This section describes how to configure a static NAT rule using twice NAT. For more information about static NAT, see the “Static NAT” section on page 3-3. Detailed Steps To configure static NAT, perform the following steps: Step 1Choose Configuration > Firewall > NAT Rules, and then click... 
     
5-18
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
Step 9Click OK.
Configuring Static NAT or Static NAT-with-Port-Translation
This section describes how to configure a static NAT rule using twice NAT. For more information about 
static NAT, see the “Static NAT” section on page 3-3.
Detailed Steps
To configure static NAT, perform the following steps:
Step 1Choose Configuration > Firewall > NAT Rules, and then click...

    Page 155

    Page 155 5-19 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT Step 2Set the source and destination interfaces. By default in routed mode, both interfaces are set to --Any--. In transparent firewall mode, you must set specific interfaces. a.From the Match Criteria: Original Packet > Source Interface drop-down list, choose the source interface. b.From the Match Criteria: Original Packet > Destination Interface drop-down list,... 
     
5-19
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
Step 2Set the source and destination interfaces.
By default in routed mode, both interfaces are set to --Any--. In transparent firewall mode, you must set 
specific interfaces.
a.From the Match Criteria: Original Packet > Source Interface drop-down list, choose the source 
interface.
b.From the Match Criteria: Original Packet > Destination Interface drop-down list,...

    Page 156

    Page 156 5-20 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT a.For the Match Criteria: Original Packet > Source Address, click the browse button and choose an existing network object or group or create a new object or group from the Browse Original Source Address dialog box. The group cannot contain both IPv4 and IPv6 addresses; it must contain one type only. The default is any, but do not use this option except for... 
     
5-20
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
a.For the Match Criteria: Original Packet > Source Address, click the browse button and choose an 
existing network object or group or create a new object or group from the Browse Original Source 
Address dialog box. The group cannot contain both IPv4 and IPv6 addresses; it must contain one 
type only. The default is any, but do not use this option except for...

    Page 157

    Page 157 5-21 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT Step 5Choose Static from the Match Criteria: Translated Packet > Source NAT Type drop-down list. Static is the default setting. This setting only applies to the source address; the destination translation is always static. Step 6Identify the translated packet addresses, either IPv4 or IPv6; namely, the packet addresses as they appear on the destination interface... 
     
5-21
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
Step 5Choose Static from the Match Criteria: Translated Packet > Source NAT Type drop-down list. Static is 
the default setting.
This setting only applies to the source address; the destination translation is always static.
Step 6Identify the translated packet addresses, either IPv4 or IPv6; namely, the packet addresses as they appear 
on the destination interface...

    Page 158

    Page 158 5-22 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT For static NAT, the mapping is typically one-to-one, so the real addresses have the same quantity as the mapped addresses. You can, however, have different quantities if desired. For static interface NAT with port translation, you can specify the interface instead of a network object/group for the mapped address. If you want to use the IPv6 address of the... 
     
5-22
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
For static NAT, the mapping is typically one-to-one, so the real addresses have the same quantity as 
the mapped addresses. You can, however, have different quantities if desired.
For static interface NAT with port translation, you can specify the interface instead of a network 
object/group for the mapped address. If you want to use the IPv6 address of the...

    Page 159

    Page 159 5-23 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT Step 8(Optional) For NAT46, check the Use one-to-one address translation check box. For NAT46, specify one-to-one to translate the first IPv4 address to the first IPv6 address, the second to the second, and so on. Without this option, the IPv4-embedded method is used. For a one-to-one translation, you must use this keyword. Step 9(Optional) Configure NAT options... 
     
5-23
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
Step 8(Optional) For NAT46, check the Use one-to-one address translation check box. For NAT46, specify 
one-to-one to translate the first IPv4 address to the first IPv6 address, the second to the second, and so 
on. Without this option, the IPv4-embedded method is used. For a one-to-one translation, you must use 
this keyword.
Step 9(Optional) Configure NAT options...

    Page 160

    Page 160 5-24 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT Step 10Click OK. Configuring Identity NAT This section describes how to configure an identity NAT rule using twice NAT. For more information about identity NAT, see the “Identity NAT” section on page 3-12. Detailed Steps To configure identity NAT, perform the following steps: Step 1Choose Configuration > Firewall > NAT Rules, and then click Add. If you want to add... 
     
5-24
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
Step 10Click OK.
Configuring Identity NAT
This section describes how to configure an identity NAT rule using twice NAT. For more information 
about identity NAT, see the “Identity NAT” section on page 3-12.
Detailed Steps
To configure identity NAT, perform the following steps:
Step 1Choose Configuration > Firewall > NAT Rules, and then click Add.
If you want to add...
    Start reading Cisco Asdm 7 User Guide
    All Cisco manuals