Cisco Asdm 7 User Guide
Have a look at the manual Cisco Asdm 7 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
4-25 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuration Examples for Network Object NAT Step 3Enable dynamic NAT for the inside network: Step 4For the Translated Addr field, add a new network object for the dynamic NAT pool to which you want to translate the inside addresses by clicking the browse button. a.Add the new network object.
4-26 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuration Examples for Network Object NAT b.Define the NAT pool addresses, and click OK. c.Choose the new network object by double-clicking it. Click OK to return to the NAT configuration. Step 5Configure the real and mapped interfaces by clicking Advanced:
4-27 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuration Examples for Network Object NAT Step 6Click OK to return to the Edit Network Object dialog box, click then click OK again to return to the NAT Rules table. Step 7Create a network object for the outside web server: Step 8Define the web server address: Step 9Configure static NAT for the web server: Step 10Configure the real and mapped interfaces by clicking Advanced:
4-28 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuration Examples for Network Object NAT Step 11Click OK to return to the Edit Network Object dialog box, click OK again, and then click Apply. Inside Load Balancer with Multiple Mapped Addresses (Static NAT, One-to-Many) The following example shows an inside load balancer that is translated to multiple IP addresses. When an outside host accesses one of the mapped IP addresses, it is untranslated to the single load balancer address. Depending on the URL requested, it redirects traffic to the correct web server. (See Figure 4-3).
4-29 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuration Examples for Network Object NAT Figure 4-3 Static NAT with One-to-Many for an Inside Load Balancer Step 1Create a network object for the load balancer: Step 2Define the load balancer address: Host Outside Inside Load Balancer 10.1.2.27 Web Servers Undo Translation 10.1.2.27 209.165.201.3 Undo Translation 10.1.2.27 209.165.201.4 Undo Translation 10.1.2.27 209.165.201.5 248633
4-30 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuration Examples for Network Object NAT Step 3Configure static NAT for the load balancer: Step 4For the Translated Addr field, add a new network object for the static NAT group of addresses to which you want to translate the load balancer address by clicking the browse button. a.Add the new network object. b.Define the static NAT group of addresses, and click OK.
4-31 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuration Examples for Network Object NAT c.Choose the new network object by double-clicking it. Click OK to return to the NAT configuration. Step 5Configure the real and mapped interfaces by clicking Advanced: Step 6Click OK to return to the Edit Network Object dialog box, click OK again, and then click Apply.
4-32 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuration Examples for Network Object NAT Single Address for FTP, HTTP, and SMTP (Static NAT-with-Port-Translation) The following static NAT-with-port-translation example provides a single address for remote users to access FTP, HTTP, and SMTP. These servers are actually different devices on the real network, but for each server, you can specify static NAT-with-port-translation rules that use the same mapped IP address, but different ports. (See Figure 4-4.) Figure 4-4 Static NAT-with-Port-Translation Step 1Create a network object for the FTP server address: Step 2Define the FTP server address, and configure static NAT with identity port translation for the FTP server: Host Outside Inside Undo Translation 10.1.2.27 209.165.201.3:21 Undo Translation 10.1.2.28 209.165.201.3:80 Undo Translation 10.1.2.29 209.165.201.3:25 FTP server 10.1.2.27 HTTP server 10.1.2.28SMTP server 10.1.2.29 130031
4-33 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuration Examples for Network Object NAT Step 3Click Advanced to configure the real and mapped interfaces and port translation for FTP. Step 4Create a network object for the HTTP server address: Step 5Define the HTTP server address, and configure static NAT with identity port translation for the HTTP server:
4-34 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 4 Configuring Network Object NAT (ASA 8.3 and Later) Configuration Examples for Network Object NAT Step 6Click Advanced to configure the real and mapped interfaces and port translation for HTTP. Step 7Create a network object for the SMTP server address: Step 8Define the SMTP server address, and configure static NAT with identity port translation for the SMTP server: