Home > Cisco > Computer Equipment > Cisco Asdm 7 User Guide

Cisco Asdm 7 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Asdm 7 User Guide. The Cisco manuals for Computer Equipment are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 211

    Page 211 6-23 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 6 Configuring NAT (ASA 8.2 and Earlier) Using Dynamic NAT Step 2For a new pool, from the Interface drop-down list, choose the interface where you want to use the mapped IP addresses. Step 3For a new pool, in the Pool ID field, enter a number between 1 and 2147483647. Do not enter a pool ID that is already in use, or your configuration will be rejected. Step 4In the IP Addresses to Add area, click Range, Port Address Translation... 
     
6-23
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 6      Configuring NAT (ASA 8.2 and Earlier)
  Using Dynamic NAT
Step 2For a new pool, from the Interface drop-down list, choose the interface where you want to use the 
mapped IP addresses.
Step 3For a new pool, in the Pool ID field, enter a number between 1 and 2147483647. Do not enter a pool ID 
that is already in use, or your configuration will be rejected.
Step 4In the IP Addresses to Add area, click Range, Port Address Translation...

    Page 212

    Page 212 6-24 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 6 Configuring NAT (ASA 8.2 and Earlier) Using Dynamic NAT To configure a dynamic NAT, PAT, or identity NAT rule, perform the following steps. Step 1In the Configuration > Firewall > NAT Rules pane, choose Add > Add Dynamic NAT Rule. The Add Dynamic NAT Rule dialog box appears. Step 2In the Original area, from the Interface drop-down list, choose the interface that is connected to the hosts with real addresses that you want to... 
     
6-24
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 6      Configuring NAT (ASA 8.2 and Earlier)
  Using Dynamic NAT
To configure a dynamic NAT, PAT, or identity NAT rule, perform the following steps.
Step 1In the Configuration > Firewall > NAT Rules pane, choose Add > Add Dynamic NAT Rule.
The Add Dynamic NAT Rule dialog box appears.
Step 2In the Original area, from the Interface drop-down list, choose the interface that is connected to the hosts 
with real addresses that you want to...

    Page 213

    Page 213 6-25 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 6 Configuring NAT (ASA 8.2 and Earlier) Using Dynamic NAT TCP initial sequence number randomization can be disabled if required. For example: –If another in-line firewall is also randomizing the initial sequence numbers, there is no need for both firewalls to be performing this action, even though this action does not affect the traffic. –If you use eBGP multi-hop through the ASA, and the eBGP peers are using MD5. Randomization... 
     
6-25
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 6      Configuring NAT (ASA 8.2 and Earlier)
  Using Dynamic NAT
TCP initial sequence number randomization can be disabled if required. For example:
–If another in-line firewall is also randomizing the initial sequence numbers, there is no need for 
both firewalls to be performing this action, even though this action does not affect the traffic.
–If you use eBGP multi-hop through the ASA, and the eBGP peers are using MD5. 
Randomization...

    Page 214

    Page 214 6-26 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 6 Configuring NAT (ASA 8.2 and Earlier) Using Dynamic NAT Step 2In the Original area, from the Interface drop-down list, choose the interface that is connected to the hosts with real addresses that you want to translate. Step 3Enter the real addresses in the Source field, or click the ... button to choose an IP address that you already defined in ASDM. Specify the address and subnet mask using prefix/length notation, such as... 
     
6-26
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 6      Configuring NAT (ASA 8.2 and Earlier)
  Using Dynamic NAT
Step 2In the Original area, from the Interface drop-down list, choose the interface that is connected to the hosts 
with real addresses that you want to translate.
Step 3Enter the real addresses in the Source field, or click the ... button to choose an IP address that you already 
defined in ASDM.
Specify the address and subnet mask using prefix/length notation, such as...

    Page 215

    Page 215 6-27 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 6 Configuring NAT (ASA 8.2 and Earlier) Using Static NAT NoteYou can also set these values using a security policy rule. To set the number of rate intervals maintained for host statistics, on the Configuration > Firewall > Threat Detection > Scanning Threat Statistics area, choose 1, 2, or 3 from the User can specify the number of rate for Threat Detection Host drop-down list. Because host statistics use a lot of memory,... 
     
6-27
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 6      Configuring NAT (ASA 8.2 and Earlier)
  Using Static NAT
NoteYou can also set these values using a security policy rule. To set the number of rate intervals 
maintained for host statistics, on the Configuration > Firewall > Threat Detection > Scanning 
Threat Statistics area, choose 1, 2, or 3 from the User can specify the number of rate for Threat 
Detection Host drop-down list. Because host statistics use a lot of memory,...

    Page 216

    Page 216 6-28 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 6 Configuring NAT (ASA 8.2 and Earlier) Using Static NAT Policy NAT lets you identify real addresses for address translation by specifying the source and destination addresses. You can also optionally specify the source and destination ports. Regular NAT can only consider the source addresses, and not the destination. See the “Policy NAT” section on page 6-11 for more information. Static PAT lets you translate the real IP... 
     
6-28
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 6      Configuring NAT (ASA 8.2 and Earlier)
  Using Static NAT
Policy NAT lets you identify real addresses for address translation by specifying the source and 
destination addresses. You can also optionally specify the source and destination ports. Regular NAT can 
only consider the source addresses, and not the destination. See the “Policy NAT” section on page 6-11 
for more information.
Static PAT lets you translate the real IP...

    Page 217

    Page 217 6-29 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 6 Configuring NAT (ASA 8.2 and Earlier) Using Static NAT Step 1In the Configuration > Firewall > NAT Rules pane, choose Add > Add Static NAT Rule. The Add Static NAT Rule dialog box appears. Step 2In the Original area, from the Interface drop-down list, choose the interface that is connected to the hosts with real addresses that you want to translate. Step 3Enter the real addresses in the Source field, or click the ... button to... 
     
6-29
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 6      Configuring NAT (ASA 8.2 and Earlier)
  Using Static NAT
Step 1In the Configuration > Firewall > NAT Rules pane, choose Add > Add Static NAT Rule.
The Add Static NAT Rule dialog box appears.
Step 2In the Original area, from the Interface drop-down list, choose the interface that is connected to the hosts 
with real addresses that you want to translate.
Step 3Enter the real addresses in the Source field, or click the ... button to...

    Page 218

    Page 218 6-30 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 6 Configuring NAT (ASA 8.2 and Earlier) Using Static NAT NoteYou can also set these values using a security policy rule. To set the number of rate intervals maintained for host statistics, on the Configuration > Firewall > Threat Detection > Scanning Threat Statistics area, choose 1, 2, or 3 from the User can specify the number of rate for Threat Detection Host drop-down list. Because host statistics use a lot of memory,... 
     
6-30
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 6      Configuring NAT (ASA 8.2 and Earlier)
  Using Static NAT
NoteYou can also set these values using a security policy rule. To set the number of rate intervals 
maintained for host statistics, on the Configuration > Firewall > Threat Detection > Scanning 
Threat Statistics area, choose 1, 2, or 3 from the User can specify the number of rate for Threat 
Detection Host drop-down list. Because host statistics use a lot of memory,...

    Page 219

    Page 219 6-31 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 6 Configuring NAT (ASA 8.2 and Earlier) Using Static NAT Configuring Static Policy NAT, PAT, or Identity NAT Figure 6-22 shows typical static policy NAT, static policy PAT, and static policy identity NAT scenarios. The translation is always active so both translated and remote hosts can originate connections. Figure 6-22 Static Policy NAT Scenarios To configure static policy NAT, PAT, or identity NAT, perform the following... 
     
6-31
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 6      Configuring NAT (ASA 8.2 and Earlier)
  Using Static NAT
Configuring Static Policy NAT, PAT, or Identity NAT
Figure 6-22 shows typical static policy NAT, static policy PAT, and static policy identity NAT scenarios. 
The translation is always active so both translated and remote hosts can originate connections.
Figure 6-22 Static Policy NAT Scenarios
To configure static policy NAT, PAT, or identity NAT, perform the following...

    Page 220

    Page 220 6-32 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 6 Configuring NAT (ASA 8.2 and Earlier) Using Static NAT Step 6Specify the mapped IP address by clicking one of the following: Use IP Address Enter the IP address or click the ... button to choose an IP address that you already defined in ASDM. Specify the address and subnet mask using prefix/length notation, such as 10.1.1.0/24. If you enter an IP address without a mask, it is considered to be a host address, even if it ends... 
     
6-32
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 6      Configuring NAT (ASA 8.2 and Earlier)
  Using Static NAT
Step 6Specify the mapped IP address by clicking one of the following:
Use IP Address
Enter the IP address or click the ... button to choose an IP address that you already defined in ASDM.
Specify the address and subnet mask using prefix/length notation, such as 10.1.1.0/24. If you enter 
an IP address without a mask, it is considered to be a host address, even if it ends...
    Start reading Cisco Asdm 7 User Guide
    All Cisco manuals