Cisco Systems ASA 5580 Manual De Usuario
5-7
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 5 Configuring Twice NAT
Configuring Twice NAT
•
Source Dynamic PAT (Hide)—Source Dynamic PAT does not support port translation.
•
Source Static NAT or Static NAT with port translation—A service object can contain both a source
and destination port; however, you should specify either the source or the destination port for both
service objects. You should only specify both the source and destination ports if your application
uses a fixed source port (such as some DNS servers); but fixed source ports are rare. For example,
if you want to translate the port for the source host, then configure the source service.
and destination port; however, you should specify either the source or the destination port for both
service objects. You should only specify both the source and destination ports if your application
uses a fixed source port (such as some DNS servers); but fixed source ports are rare. For example,
if you want to translate the port for the source host, then configure the source service.
•
Source Identity NAT—A service object can contain both a source and destination port; however, you
should specify either the source or the destination port for both service objects. You should only
specify both the source and destination ports if your application uses a fixed source port (such as
some DNS servers); but fixed source ports are rare. For example, if you want to translate the port
for the source host, then configure the source service.
should specify either the source or the destination port for both service objects. You should only
specify both the source and destination ports if your application uses a fixed source port (such as
some DNS servers); but fixed source ports are rare. For example, if you want to translate the port
for the source host, then configure the source service.
•
Destination Static NAT or Static NAT with port translation (the destination translation is always
static)—For non-static source NAT, you can only perform port translation on the destination. A
service object can contain both a source and destination port, but only the destination port is used
in this case. If you specify the source port, it will be ignored.
static)—For non-static source NAT, you can only perform port translation on the destination. A
service object can contain both a source and destination port, but only the destination port is used
in this case. If you specify the source port, it will be ignored.
Detailed Steps
Configuring Dynamic NAT
This section describes how to configure twice NAT for dynamic NAT. For more information, see the
Command
Purpose
Step 1
object service
obj_name
service
{tcp | udp} [source operator
port] [destination operator port]
Example:
ciscoasa(config)# object service
REAL_SRC_SVC
ciscoasa(config-service-object)# service
tcp source eq 80
ciscoasa(config)# object service
MAPPED_SRC_SVC
ciscoasa(config-service-object)# service
tcp source eq 8080
Adds a service object.