Cisco Systems and the ASA Services Module User Manual
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 5 Configuring Twice NAT
Configuration Examples for Twice NAT
Different Translation Depending on the Destination Address and Port (Dynamic PAT)
Figure 5-2 shows the use of source and destination ports. The host on the 10.1.2.0/24 network accesses
a single host for both web services and Telnet services. When the host accesses the server for Telnet
services, the real address is translated to 209.165.202.129:port. When the host accesses the same server
for web services, the real address is translated to 209.165.202.130:port.
Figure 5-2 Twice NAT with Different Destination Ports
Step 1
Add a network object for the inside network:
ciscoasa(config)# object network myInsideNetwork
ciscoasa(config-network-object)# subnet 10.1.2.0 255.255.255.0
Step 2
Add a network object for the Telnet/Web server:
ciscoasa(config)# object network TelnetWebServer
ciscoasa(config-network-object)# host 209.165.201.11
Step 3
Add a network object for the PAT address when using Telnet:
ciscoasa(config)# object network PATaddress1
ciscoasa(config-network-object)# host 209.165.202.129
Step 4
Add a service object for Telnet:
ciscoasa(config)# object service TelnetObj
ciscoasa(config-service-object)# service tcp destination eq telnet
[Figure 5-2 labels: Web and Telnet server 209.165.201.11 (Internet); inside host 10.1.2.27 on 10.1.2.0/24 (Inside); Web packet destination address 209.165.201.11:80; Telnet packet destination address 209.165.201.11:23; translations 209.165.202.129 and 209.165.202.130.]
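The following Python sketch is an added example, not part of the Cisco guide. It models how the destination address and port select the PAT address, which is the lookup an analyst needs when attributing a translated address seen in the server's logs to an inside flow. The objects from Steps 1 to 4 are the page's; PATaddress2, HTTPObj, both nat lines and the function names are assumptions constructed to match the behavior described above.

```python
import ipaddress

# Constructed running-config excerpt. The objects from Steps 1-4 are the page's;
# PATaddress2, HTTPObj and both nat lines are assumptions added for this example.
CONFIG = """\
object network myInsideNetwork
 subnet 10.1.2.0 255.255.255.0
object network TelnetWebServer
 host 209.165.201.11
object network PATaddress1
 host 209.165.202.129
object network PATaddress2
 host 209.165.202.130
object service TelnetObj
 service tcp destination eq telnet
object service HTTPObj
 service tcp destination eq http
nat (inside,outside) source dynamic myInsideNetwork PATaddress1 destination static TelnetWebServer TelnetWebServer service TelnetObj TelnetObj
nat (inside,outside) source dynamic myInsideNetwork PATaddress2 destination static TelnetWebServer TelnetWebServer service HTTPObj HTTPObj
"""

PORTS = {"telnet": 23, "http": 80}  # only the port keywords this example uses

def parse(config):
    """Return (network objects, service objects, twice NAT rules in config order)."""
    nets, svcs, rules, current = {}, {}, [], None
    for w in filter(None, map(str.split, config.splitlines())):
        if w[:2] in (["object", "network"], ["object", "service"]):
            current = w[2]
        elif w[0] == "subnet":
            nets[current] = ipaddress.ip_network(f"{w[1]}/{w[2]}")
        elif w[0] == "host":
            nets[current] = ipaddress.ip_network(w[1])
        elif w[0] == "service":
            svcs[current] = (w[1], PORTS.get(w[4]) or int(w[4]))
        elif w[0] == "nat":
            # nat (if,if) source dynamic REAL MAPPED destination static DST DST service SVC SVC
            rules.append((w[4], w[5], w[8], w[11]))
    return nets, svcs, rules

def translated_source(config, src, dst, proto, dport):
    """PAT address the first matching rule assigns, or None if no rule matches."""
    nets, svcs, rules = parse(config)
    for real, mapped, dest, svc in rules:
        if (ipaddress.ip_address(src) in nets[real]
                and ipaddress.ip_address(dst) in nets[dest]
                and svcs[svc] == (proto, dport)):
            return str(nets[mapped].network_address)
    return None
```

A flow that matches no rule returns None, meaning it falls outside these two twice NAT rules and would be handled by whatever other NAT or routing configuration exists.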