CHAPT ER
30-1
Cisco ASA 5500 Series Configuration Guide using the CLI
30
Configuring Network Object NAT
All NAT rules that are configured as a parameter of a network object are considered to be network object
NAT rules. Network object NAT is a quick and easy way to configure NAT for a single IP address, a range
of addresses, or a subnet. After you configure the network object, you can then identify the mapped
address for that object.
This chapter describes how to configure network object NAT, and it includes the following sections:
Information About Network Object NAT, page30-1
Licensing Requirements for Network Object NAT, page30-2
Prerequisites for Network Object NAT, page 30-2
Guidelines and Limitations, page30-2
Default Settings, page30-3
Configuring Network Object NAT, page30-3
Monitoring Network Object NAT, page 30-14
Configuration Examples for Network Object NAT, page30-15
Feature History for Network Object NAT, page30-22
Note For detailed information about how NAT works, see Chapter29, “Information About NAT.”

Information About Network Object NAT

When a packet enters the ASA, both the source and destination IP addresses are checked against the
network object NAT rules. The source and destination address in the packet can be translated by separate
rules if separate matches are made. These rules are not tied to each other; different combinations of rules
can be used depending on the traffic.
Because the rules are never paired, you cannot specify that a source address should be translated to A
when going to destination X, but be translated to B when going to destination Y. Use twice NAT for that
kind of functionality (twice NAT lets you identify the source and destination address in a single rule).
For detailed information about the differences between twice NAT and network object NAT, see the
“How NAT is Implemented” section on page29-16.
Network object NAT rules are added to section 2 of the NAT rules table. For more information about
NAT ordering, see the “NAT Rule Order” section on page29-20.