Home > Cisco > Computer Equipment > Cisco Asdm 7 User Guide

Cisco Asdm 7 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Asdm 7 User Guide. The Cisco manuals for Computer Equipment are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 161

    Page 161 5-25 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT Step 2Set the source and destination interfaces. By default in routed mode, both interfaces are set to --Any--. In transparent firewall mode, you must set specific interfaces. a.From the Match Criteria: Original Packet > Source Interface drop-down list, choose the source interface. b.From the Match Criteria: Original Packet > Destination Interface drop-down list,... 
     
5-25
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
Step 2Set the source and destination interfaces.
By default in routed mode, both interfaces are set to --Any--. In transparent firewall mode, you must set 
specific interfaces.
a.From the Match Criteria: Original Packet > Source Interface drop-down list, choose the source 
interface.
b.From the Match Criteria: Original Packet > Destination Interface drop-down list,...

    Page 162

    Page 162 5-26 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT a.For the Match Criteria: Original Packet > Source Address, click the browse button and choose an existing network object or group or create a new object or group from the Browse Original Source Address dialog box. The group cannot contain both IPv4 and IPv6 addresses; it must contain one type only. The default is any; only use this option when also setting the... 
     
5-26
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
a.For the Match Criteria: Original Packet > Source Address, click the browse button and choose an 
existing network object or group or create a new object or group from the Browse Original Source 
Address dialog box. The group cannot contain both IPv4 and IPv6 addresses; it must contain one 
type only. The default is any; only use this option when also setting the...

    Page 163

    Page 163 5-27 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT Step 5Choose Static from the Match Criteria: Translated Packet > Source NAT Type drop-down list. Static is the default setting. This setting only applies to the source address; the destination translation is always static. Step 6Identify the translated packet addresses; namely, the packet addresses as they appear on the destination interface network (the mapped... 
     
5-27
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
Step 5Choose Static from the Match Criteria: Translated Packet > Source NAT Type drop-down list. Static is 
the default setting.
This setting only applies to the source address; the destination translation is always static. 
Step 6Identify the translated packet addresses; namely, the packet addresses as they appear on the destination 
interface network (the mapped...

    Page 164

    Page 164 5-28 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuring Twice NAT For identity NAT for the destination address, simply use the same object or group for both the real and mapped addresses. If you want to translate the destination address, then the static mapping is typically one-to-one, so the real addresses have the same quantity as the mapped addresses. You can, however, have different quantities if desired. For more... 
     
5-28
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuring Twice NAT
For identity NAT for the destination address, simply use the same object or group for both the real 
and mapped addresses.
If you want to translate the destination address, then the static mapping is typically one-to-one, so 
the real addresses have the same quantity as the mapped addresses. You can, however, have different 
quantities if desired. For more...

    Page 165

    Page 165 5-29 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Monitoring Twice NAT a.Enable rule —Enables this NAT rule. The rule is enabled by default. b.Disable Proxy ARP on egress interface—Disables proxy ARP for incoming packets to the mapped IP addresses. See the “Mapped Addresses and Routing” section on page 3-22 for more information. c.(Routed mode; interface(s) specified) Lookup route table to locate egress interface—Determines the egress... 
     
5-29
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Monitoring Twice NAT
a.Enable rule —Enables this NAT rule. The rule is enabled by default.
b.Disable Proxy ARP on egress interface—Disables proxy ARP for incoming packets to the mapped 
IP addresses. See the “Mapped Addresses and Routing” section on page 3-22 for more information.
c.(Routed mode; interface(s) specified) Lookup route table to locate egress interface—Determines the 
egress...

    Page 166

    Page 166 5-30 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuration Examples for Twice NAT Fields Available Graphs—Lists the components you can graph. –Xlate Utilization—Displays the ASA NAT utilization. Graph Window Title—Shows the graph window name to which you want to add a graph type. To use an existing window title, select one from the drop-down list. To display graphs in a new window, enter a new window title. Add—Click to move the... 
     
5-30
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuration Examples for Twice NAT
Fields
Available Graphs—Lists the components you can graph.
–Xlate Utilization—Displays the ASA NAT utilization.
Graph Window Title—Shows the graph window name to which you want to add a graph type. To 
use an existing window title, select one from the drop-down list. To display graphs in a new window, 
enter a new window title.
Add—Click to move the...

    Page 167

    Page 167 5-31 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuration Examples for Twice NAT Figure 5-1 Twice NAT with Different Destination Addresses Step 1Add a NAT rule for traffic from the inside network to DMZ network 1: By default, the NAT rule is added to the end of section 1. If you want to add a NAT rule to section 3, after the network object NAT rules, choose Add NAT Rule After Network Object NAT Rules. The Add NAT Rule dialog box... 
     
5-31
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuration Examples for Twice NAT
Figure 5-1 Twice NAT with Different Destination Addresses
Step 1Add a NAT rule for traffic from the inside network to DMZ network 1:
By default, the NAT rule is added to the end of section 1. If you want to add a NAT rule to section 3, 
after the network object NAT rules, choose Add NAT Rule After Network Object NAT Rules.
The Add NAT Rule dialog box...

    Page 168

    Page 168 5-32 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuration Examples for Twice NAT Step 2Set the source and destination interfaces: Step 3For the Original Source Address, click the browse button to add a new network object for the inside network in the Browse Original Source Address dialog box. a.Add the new network object. b.Define the inside network addresses, and click OK. 
     
5-32
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuration Examples for Twice NAT
Step 2Set the source and destination interfaces:
Step 3For the Original Source Address, click the browse button to add a new network object for the inside 
network in the Browse Original Source Address dialog box.
a.Add the new network object.
b.Define the inside network addresses, and click OK.

    Page 169

    Page 169 5-33 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuration Examples for Twice NAT c.Choose the new network object by double-clicking it. Click OK to return to the NAT configuration. Step 4For the Original Destination Address, click the browse button to add a new network object for DMZ network 1 in the Browse Original Destination Address dialog box. a.Add the new network object. b.Define the DMZ network 1 addresses, and click OK.... 
     
5-33
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuration Examples for Twice NAT
c.Choose the new network object by double-clicking it. Click OK to return to the NAT configuration.
Step 4For the Original Destination Address, click the browse button to add a new network object for DMZ 
network 1 in the Browse Original Destination Address dialog box.
a.Add the new network object.
b.Define the DMZ network 1 addresses, and click OK....

    Page 170

    Page 170 5-34 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 5 Configuring Twice NAT (ASA 8.3 and Later) Configuration Examples for Twice NAT Step 6For the Translated Source Address, click the browse button to add a new network object for the PAT address in the Browse Translated Source Address dialog box. a.Add the new network object. b.Define the PAT address, and click OK. c.Choose the new network object by double-clicking it. Click OK to return to the NAT configuration. Step 7For the... 
     
5-34
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
  Configuration Examples for Twice NAT
Step 6For the Translated Source Address, click the browse button to add a new network object for the PAT 
address in the Browse Translated Source Address dialog box.
a.Add the new network object.
b.Define the PAT address, and click OK.
c.Choose the new network object by double-clicking it. Click OK to return to the NAT configuration.
Step 7For the...
    Start reading Cisco Asdm 7 User Guide
    All Cisco manuals