Cisco Systems ASA 5585-X Manual De Usuario

By default, all TCP PAT traffic and all UDP DNS traffic uses per-session PAT. To use multi-session PAT 
for traffic, you can configure per-session PAT rules: a permit rule uses per-session PAT, and a deny rule 
uses multi-session PAT. For more information about per-session vs. multi-session PAT, see the 

To configure a per-session PAT rule, see the 

.

To monitor twice NAT, enter one of the following commands:

(Continued)

No Proxy ARP—(Optional) Specify no-proxy-arp to disable 
proxy ARP for incoming packets to the mapped IP addresses. 
See the 

 for more information.

Route lookup—(Optional; routed mode only; interface(s) 
specified) Specify route-lookup to determine the egress 
interface using a route lookup instead of using the interface 
specified in the NAT command. See the 

 for more information.

Inactive—(Optional) To make this rule inactive without 
having to remove the command, use the inactive keyword. To 
reactivate it, reenter the whole command without the inactive 
keyword.

Description—(Optional) Provide a description up to 200 
characters using the description keyword.

Shows NAT statistics, including hits for each NAT rule.

Shows NAT pool statistics, including the addresses and ports allocated, 
and how many times they were allocated.

Shows current NAT session information. 

All NAT rules build an entry in the NAT divert table. If the NAT divert 
field is set to ignore=yes NAT on the matching rule, the ASA stops the 
lookup and does a route lookup based on the destination IP to determine 
the egress interface. If the NAT divert field is set to ignore=no on the 
matching rule, walk the NAT table based on the found input_ifc and 
output_ifc and do the necessary translation. Egress interface will be 
output_ifc.