
Cisco Asdm 7 User Guide

    Cisco ASA Series Firewall ASDM Configuration Guide
     
    Chapter 5      Configuring Twice NAT (ASA 8.3 and Later)
      Configuration Examples for Twice NAT
    Step 8 Click OK to add the rule to the NAT table.
    Step 9 Add a NAT rule for traffic from the inside network to DMZ network 2:
    By default, the NAT rule is added to the end of section 1. If you want to add a NAT rule to section 3, after the network object NAT rules, choose Add NAT Rule After Network Object NAT Rules.
    The Add NAT Rule dialog box appears.
    Step 10 Set the source and destination interfaces:
    Step 11 For the Original Source Address, type the name of the inside network object (myInsideNetwork) or click the browse button to choose it.
    Step 12 For the Original Destination Address, click the browse button to add a new network object for DMZ network 2 in the Browse Original Destination Address dialog box.
    a. Add the new network object.
    b. Define the DMZ network 2 addresses, and click OK.
    c. Choose the new network object by double-clicking it. Click OK to return to the NAT configuration.
    Step 13 Set the NAT Type to Dynamic PAT (Hide):
    Step 14 For the Translated Source Address, click the browse button to add a new network object for the PAT address in the Browse Translated Source Address dialog box.
    a. Add the new network object.
    b. Define the PAT address, and click OK.
    c. Choose the new network object by double-clicking it. Click OK to return to the NAT configuration.
    Step 15 For the Translated Destination Address, type the name of the Original Destination Address (DMZnetwork2) or click the browse button to choose it.
    Because you do not want to translate the destination address, you need to configure identity NAT for it by specifying the same address for the Original and Translated destination addresses.
    Step 16 Click OK to add the rule to the NAT table.
    Step 17 Click Apply.
    Different Translation Depending on the Destination Address and Port (Dynamic PAT)
    Figure 5-2 shows the use of source and destination ports. The host on the 10.1.2.0/24 network accesses a single host for both web services and Telnet services. When the host accesses the server for Telnet services, the real address is translated to 209.165.202.129:port. When the host accesses the same server for web services, the real address is translated to 209.165.202.130:port.
    Figure 5-2 Twice NAT with Different Destination Ports
    Step 1 Add a NAT rule for traffic from the inside network to the Telnet server:
    By default, the NAT rule is added to the end of section 1. If you want to add a NAT rule to section 3, after the network object NAT rules, choose Add NAT Rule After Network Object NAT Rules.
    The Add NAT Rule dialog box appears.
    [Figure 5-2 diagram labels: inside host 10.1.2.27 on network 10.1.2.0/24; Web and Telnet server 209.165.201.11 on the Internet; web packet destination address 209.165.201.11:80; Telnet packet destination address 209.165.201.11:23; translated addresses 209.165.202.129 and 209.165.202.130.]
    Step 2 Set the source and destination interfaces:
    Step 3 For the Original Source Address, click the browse button to add a new network object for the inside network in the Browse Original Source Address dialog box.
    a. Add the new network object.
    b. Define the inside network addresses, and click OK.
    c. Choose the new network object by double-clicking it. Click OK to return to the NAT configuration.
    Step 4 For the Original Destination Address, click the browse button to add a new network object for the Telnet/Web server in the Browse Original Destination Address dialog box.
    a. Add the new network object.
    b. Define the server address, and click OK.
    c. Choose the new network object by double-clicking it. Click OK to return to the NAT configuration.
    Step 5 For the Original Service, click the browse button to add a new service object for Telnet in the Browse Original Service dialog box.
    a. Add the new service object.
    b. Define the protocol and port, and click OK.
    c. Choose the new service object by double-clicking it. Click OK to return to the NAT configuration.
    Step 6 Set the NAT Type to Dynamic PAT (Hide):
    Step 7 For the Translated Source Address, click the browse button to add a new network object for the PAT address in the Browse Translated Source Address dialog box.
    a. Add the new network object.
    b. Define the PAT address, and click OK.
    c. Choose the new network object by double-clicking it. Click OK to return to the NAT configuration.
    Step 8 For the Translated Destination Address, type the name of the Original Destination Address (TelnetWebServer) or click the browse button to choose it.
    Because you do not want to translate the destination address, you need to configure identity NAT for it by specifying the same address for the Original and Translated destination addresses.
    Step 9 Click OK to add the rule to the NAT table.
    Step 10 Add a NAT rule for traffic from the inside network to the web server:
    By default, the NAT rule is added to the end of section 1. If you want to add a NAT rule to section 3, after the network object NAT rules, choose Add NAT Rule After Network Object NAT Rules.
    The Add NAT Rule dialog box appears.
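
The rule pair described for Figure 5-2, modeled as an added example (not part of the Cisco guide and not ASA code): twice NAT rules in a section are evaluated in table order and the first match wins, so the sketch picks the PAT address per destination port and flags rules that an earlier, broader rule makes unreachable. The rule names and the `ANY_SVC` rule are constructed for illustration, and the model assumes TCP and looks only at source network, destination address and destination port.

```python
import ipaddress
from typing import NamedTuple, Optional


class TwiceNatRule(NamedTuple):
    name: str             # label for this example only
    src: str              # Original Source Address (CIDR)
    dst: str              # Original Destination Address (identity NAT, not translated)
    port: Optional[int]   # Original Service as a TCP destination port; None = any
    pat: str              # Translated Source Address for Dynamic PAT (Hide)

    def matches(self, src_ip, dst_ip, dport):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.port in (None, dport))

    def covers(self, other):
        """True if every packet that matches `other` also matches this rule."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.port in (None, other.port))


def translate(rules, src_ip, dst_ip, dport):
    """PAT address chosen by the first matching rule in table order, else None."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dport):
            return rule.pat
    return None


def shadowed(rules):
    """Names of rules that can never match because an earlier rule covers them."""
    return [later.name for i, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:i])]


# Addresses from Figure 5-2; rule names are made up for this example.
TELNET = TwiceNatRule("telnet", "10.1.2.0/24", "209.165.201.11/32", 23, "209.165.202.129")
WEB = TwiceNatRule("web", "10.1.2.0/24", "209.165.201.11/32", 80, "209.165.202.130")
# Constructed mistake: the same rule saved without an Original Service.
ANY_SVC = TwiceNatRule("any-service", "10.1.2.0/24", "209.165.201.11/32", None, "209.165.202.129")

if __name__ == "__main__":
    print(translate([TELNET, WEB], "10.1.2.27", "209.165.201.11", 23))
    print(translate([TELNET, WEB], "10.1.2.27", "209.165.201.11", 80))
    print(shadowed([ANY_SVC, TELNET, WEB]))
```

With the service-less rule placed first, web traffic is hidden behind the Telnet PAT address and both port-specific rules are reported as shadowed, which is the ordering mistake to look for when reviewing section 1 of the NAT table.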
    						