ASA Pre-8.3 to 8.3 NAT configuration examples

Static NAT/PAT

Regular Static NAT

Pre-8.3 NAT:
static (inside,outside) 192.168.100.100 10.1.1.6 netmask 255.255.255.255

8.3 NAT:
object network obj-10.1.1.6
 host 10.1.1.6
 nat (inside,outside) static 192.168.100.100

Regular Static PAT

Pre-8.3 NAT:
static (inside,outside) tcp 192.168.100.100 80 10.1.1.16 8080 netmask 255.255.255.255

8.3 NAT:
object network obj-10.1.1.16
 host 10.1.1.16
 nat (inside,outside) static 192.168.100.100 service tcp 8080 www

Static Policy NAT

Pre-8.3 NAT:
access-list NET1 permit ip host 10.1.2.27 10.76.5.0 255.255.255.224
static (inside,outside) 192.168.100.100 access-list NET1

8.3 NAT:
object network obj-10.1.2.27
 host 10.1.2.27
object network obj-192.168.100.100
 host 192.168.100.100
object network obj-10.76.5.0
 subnet 10.76.5.0 255.255.255.224
nat (inside,outside) source static obj-10.1.2.27 obj-192.168.100.100 destination static obj-10.76.5.0 obj-10.76.5.0
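
An added example, not part of the original document or any Cisco tooling: a small Python converter that rewrites the two single-line pre-8.3 static forms above (regular static NAT and static PAT) into the 8.3 object NAT form. The function name, the PORT_NAMES table and the /32-only restriction are assumptions of this example; the policy form is rejected because it cannot be converted without its access-list.

```python
import ipaddress
import re

# Port names as they appear in the 8.3 column of this page (assumption: only "www" is needed here).
PORT_NAMES = {"80": "www"}

# static (real_if,mapped_if) [tcp|udp] mapped_ip [mapped_port] real_ip [real_port] netmask mask
STATIC_RE = re.compile(
    r"^static\s+\((?P<real_if>[\w-]+),(?P<mapped_if>[\w-]+)\)\s+"
    r"(?:(?P<proto>tcp|udp)\s+(?P<mapped_ip>\S+)\s+(?P<mapped_port>\S+)\s+"
    r"(?P<real_ip>\S+)\s+(?P<real_port>\S+)"
    r"|(?P<m_ip>\S+)\s+(?P<r_ip>\S+))"
    r"\s+netmask\s+(?P<mask>\S+)$"
)


def convert_static(cmd: str) -> list[str]:
    """Return the 8.3 object NAT lines for one pre-8.3 host static command."""
    m = STATIC_RE.match(" ".join(cmd.split()))  # tolerate wrapped or padded input
    if m is None:
        # e.g. "static (...) <ip> access-list NET1": needs the ACL, becomes twice NAT
        raise ValueError("unsupported static form: " + cmd)
    if m["mask"] != "255.255.255.255":
        raise ValueError("only host (/32) statics are handled in this example")
    real_ip = m["real_ip"] or m["r_ip"]
    mapped_ip = m["mapped_ip"] or m["m_ip"]
    ipaddress.IPv4Address(real_ip)      # raises ValueError on a malformed address
    ipaddress.IPv4Address(mapped_ip)
    # Note the order swap: pre-8.3 lists mapped then real, 8.3 service lists real then mapped.
    nat = f"nat ({m['real_if']},{m['mapped_if']}) static {mapped_ip}"
    if m["proto"]:
        real_port = PORT_NAMES.get(m["real_port"], m["real_port"])
        mapped_port = PORT_NAMES.get(m["mapped_port"], m["mapped_port"])
        nat += f" service {m['proto']} {real_port} {mapped_port}"
    return [f"object network obj-{real_ip}", f" host {real_ip}", " " + nat]


if __name__ == "__main__":
    # Inputs copied from the Pre-8.3 column above.
    for line in (
        "static (inside,outside) 192.168.100.100 10.1.1.6 netmask 255.255.255.255",
        "static (inside,outside) tcp 192.168.100.100 80 10.1.1.16 8080 netmask 255.255.255.255",
    ):
        print("\n".join(convert_static(line)), end="\n\n")
```
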

Regular Dynamic PAT

Pre-8.3 NAT:
nat (inside) 1 192.168.1.0 255.255.255.0
nat (dmz) 1 10.1.1.0 255.255.255.0
global (outside) 1 192.168.100.100

8.3 NAT:
object network obj-192.168.1.0
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic 192.168.100.100
object network obj-10.1.1.0
 subnet 10.1.1.0 255.255.255.0
 nat (dmz,outside) dynamic 192.168.100.100

Regular Dynamic PAT

Pre-8.3 NAT:
nat (inside) 1 10.1.2.0 255.255.255.0

8.3 NAT:
object network obj-10.1.2.0
 subnet 10.1.2.0 255.255.255.0

Postings may contain unverified user-created content and change frequently. The content is provided as-is and
is not warrantied by Cisco.

100 object network obj-192.255.168.255.255.100 Postings may contain unverified user-created content and change frequently.1.1 Regular Dynamic PAT-3 object network obj_any subnet 0.29.0 255.168.dmz) dynamic 192.255.168.29.0 255.168.168.255.1 nat (inside.0 access-list ACL_NAT permit ip 172.1.255.255.255.255.168.255.0.0.255. 2 .0.100 host 192.100.168.0.2.0.outside) source dynamic obj-172.255.4.255. The content is provided as-is and is not warrantied by Cisco.0 255.0 access-list ACL_NAT permit ip 172.100.0 255.255.100.168.0.0 subnet 192.0 subnet 192.4.0 255.255.255.0.29.2.100 Policy Dynamic NAT (with multiple ACEs) obj-192.0 255.1.0 255.100 destination static og-net-dst og-net-dst service obj-tcp-eq-1500 obj-tcp-eq-1500 object network obj-172.0 nat (inside.255.0 object network obj-192.255.100 global (dmz) 1 192.168.3.0.0 255.0 192.0 object network obj-192.0 255.168.outside) source dynamic og-net-src obj-192.0 192.1.100.0 nat (inside.100.0 nat (inside) 1 access-list ACL_NAT host 192.100.255.1.168.0 255.0 subnet 192.0 nat (inside.0 192.ASA Pre-8.4.255.255.0 255.168.0-01 subnet 10.255.168.1.255.29.168.0.0 object network obj-192.255.255.100 access-list ACL_NAT permit ip 172.0.168.168.100.3 NAT configuration examples global (outside) 1 192.168.2.0.0 object-group network og-net-dst nat (inside.1.0 255.0 192.0 obj-192.255.255.2.0 255.0.168.168.168.0 static og-net-dst og-net-dst object-group service og-ser-src service obj-tcp-range-2001-65535 service-object tcp gt 2000 obj-tcp-range-2001-65535 service-object tcp eq 1500 access-list NET6 extended permit object-group og-ser-src nat (inside.168.100 destination network-object 192.29.29.0 255.100.3.0 subnet 172.255.1.100 object service obj-tcp-range-2001-65535 service tcp destination range 2001 65535 object-group network og-net-src network-object 192.2.0 255.0.29.168.3.200.168.0 255.2.168.168.255.100 object network obj-10.0 255.0.0 subnet 192.100.0 object network obj-192.3 to 8.outside) dynamic interface nat (inside) 1 0 0 global 
(outside) 1 interface Dynamic Policy NAT object network obj-192.0 access-list ACL_NAT permit ip 172.0.0 0.168.100.0 object service obj-tcp-eq-1500 service tcp destination eq 1500 network-object 192.outside) source dynamic og-net-src object-group og-net-src object-group og-net-dst nat (inside) 10 access-list NET6 global (outside) 10 192.168.outside) dynamic 192.0.

2.2 Not Possible .100.168.168.168.0 255.210 network-object object second-pat nat (inside.100.2.3.0 obj-192.1.255.255.255.1.200 object network obj-10.1.100.168.100_192.29.0 nat (inside) 1 10.0 255.0 obj-192.27 host 10.168.0.255.168.168.2.0 subnet 10.255.0 255.0 nat (inside.200 object network obj-10.4.100.255.100.100.168.100 destination static obj-192.0 object network second-pat host 192.1-------ASA----- --xlate-------> 10.100 192.168.168.168.3.168.168.0 nat (inside.168.100.ASA Pre-8.168.0.4.168.3 to 8.100.0.168.27 nat (inside.2.168.0 obj-192.168.0 Outside NAT object network obj-10.255 NAT & Interface PAT together object network obj-192.168. The content is provided as-is and is not warrantied by Cisco.100.168.0 outside static (inside.outside) source dynamic obj-172.100-192.100 destination static obj-192.1.10010 Translated ports: 20000 .100 destination static obj-192.100 destination static obj-192.29.2.168.100.100.27 netmask 255.100.255.100.0.200 range 192.100.0.1.100.168.30-1-10.200 interface NAT & Interface PAT with additional PAT together object network obj-192.2.1.outside) dynamic dynamic-nat-pat interface Static NAT for a Range of Ports (in) (out) 10.100.200 nat (inside) 1 10.2.1. 
global (inside) 1 10.100 192.200 global (outside) 1 192.168.1.168.outside) dynamic obj-192.1.40 nat (dmz) 1 10.29.outside) source dynamic obj-172.0 255.0.168.0 obj-192.dmz) static 10.210 global (outside) 1 interface object-group network dynamic-nat-pat network-object object obj-192.dmz) 10.1.0 global (outside) 1 interface global (outside) 1 192.Need to write multiple Statements or perform a Static one-to-one NAT Original Ports: 10000 .100.0 global (outside) 1 192.5 10.168.2.2.0 255.2.1.168.100.0.1.1.20010 object service ports service tcp source range 10000 10010 Postings may contain unverified user-created content and change frequently.168.0 nat (inside.2.1-192.100.168.100.100_192.100.0.0 obj-192.0 obj-192.100_192.1.2.outside) source dynamic obj-172.200 subnet 10.255.3 NAT configuration examples global (outside) 1 192.0 obj-192.100.1.200 range 192.0.0.0.1.0 nat (inside. 3 .0.100_192.0.

1.ASA Pre-8.2.1 object network server-xlate host 10.outside) source static server server-xlate service ports ports-x Postings may contain unverified user-created content and change frequently.2 nat (inside.3 to 8.2.1. The content is provided as-is and is not warrantied by Cisco. 4 .3 NAT configuration examples object service ports-xlate service tcp source range 20000 20010 object network server host 10.
