Cisco Cisco ASA 5585-X Adaptive Security Appliance 技术手册
This is the equivalent CLI output for this PAT configuration:
Allow Inside Hosts Access to Outside Networks with NAT
You could allow a group of inside hosts/networks to access the outside world with the
configuration of the dynamic NAT rules. Unlike PAT, Dynamic NAT allocates translated addresses
from a pool of addresses. As a result, a host is mapped to its own translated IP address and two
hosts cannot share the same translated IP address.
configuration of the dynamic NAT rules. Unlike PAT, Dynamic NAT allocates translated addresses
from a pool of addresses. As a result, a host is mapped to its own translated IP address and two
hosts cannot share the same translated IP address.
In order to accomplish this, you need to select the real address of the hosts/networks to be given
access and they then have to be mapped to a pool of translated IP addresses.
access and they then have to be mapped to a pool of translated IP addresses.
Complete these steps in order to allow inside hosts access to outside networks with NAT:
Choose Configuration > Firewall > NAT Rules. Click Add and then choose Network
Object in order to configure a dynamic NAT rule.
Object in order to configure a dynamic NAT rule.
1.
Configure the network/Host/Range for which Dynamic PAT is required. In this example, the
entire inside-network has been selected.
entire inside-network has been selected.
2.