Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 30 Configuring Network Object NAT
Configuring Network Object NAT
Examples
The following example configures static NAT for the real host 10.1.1.1 on the inside to 10.2.2.2 on the
outside with DNS rewrite enabled.
hostname(config)# object network my-host-obj1
hostname(config-network-object)# host 10.1.1.1
hostname(config-network-object)# nat (inside,outside) static 10.2.2.2 dns
The following example configures static NAT for the real host 10.1.1.1 on the inside to 2.2.2.2 on the
outside using a mapped object.
hostname(config)# object network my-mapped-obj
hostname(config-network-object)# host 10.2.2.2
hostname(config-network-object)# object network my-host-obj1
hostname(config-network-object)# host 10.1.1.1
hostname(config-network-object)# nat (inside,outside) static my-mapped-obj
The following example configures static NAT-with-port-translation for 10.1.1.1 at TCP port 21 to the
outside interface at port 2121.
hostname(config)# object network my-ftp-server
hostname(config-network-object)# host 10.1.1.1
hostname(config-network-object)# nat (inside,outside) static interface service tcp 21 2121
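The three examples above, read back as an inventory of what each static rule publishes. This is an added example, not part of the Cisco guide: the function name static_nat_inventory and the sample text are assumptions made for illustration, and the parser handles only the host and static nat forms shown in this section.

```python
import re

# Constructed input: the section's three examples pasted together with their
# prompts. Each nat line is reported as written.
SAMPLE = """\
hostname(config)# object network my-host-obj1
hostname(config-network-object)# host 10.1.1.1
hostname(config-network-object)# nat (inside,outside) static 10.2.2.2 dns
hostname(config)# object network my-mapped-obj
hostname(config-network-object)# host 10.2.2.2
hostname(config-network-object)# object network my-host-obj1
hostname(config-network-object)# host 10.1.1.1
hostname(config-network-object)# nat (inside,outside) static my-mapped-obj
hostname(config)# object network my-ftp-server
hostname(config-network-object)# host 10.1.1.1
hostname(config-network-object)# nat (inside,outside) static interface service tcp 21 2121
"""

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")            # CLI prompt prefix
NAT = re.compile(r"nat \((\w+),(\w+)\) static (\S+)(.*)")  # (real,mapped) static X
SERVICE = re.compile(r"service (tcp|udp) (\S+) (\S+)")     # proto real mapped

def static_nat_inventory(text):
    """Return one dict per static network object NAT rule found in text."""
    hosts, rules, current = {}, [], None
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if line.startswith("object network "):
            current = line.split()[2]           # object now being configured
        elif line.startswith("host ") and current:
            hosts[current] = line.split()[1]    # real address of that object
        elif (m := NAT.match(line)) and current:
            real_if, mapped_if, mapped, opts = m.groups()
            svc = SERVICE.search(opts)
            rules.append({"object": current, "real": hosts.get(current),
                          "real_if": real_if, "mapped_if": mapped_if, "mapped": mapped,
                          "dns_rewrite": "dns" in opts.split(),
                          "service": svc.groups() if svc else None})
    # Resolve the mapped side: interface keyword, object name, or literal address.
    for r in rules:
        if r["mapped"] == "interface":
            r["mapped"] = f"{r['mapped_if']} interface address"
        else:
            r["mapped"] = hosts.get(r["mapped"], r["mapped"])
    return rules

if __name__ == "__main__":
    for rule in static_nat_inventory(SAMPLE):
        print(rule)
```

A rule whose service field is None translates the whole host rather than a single port, which is the case to reconcile first against the access rules on the mapped interface.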
Configuring Identity NAT
This section describes how to configure an identity NAT rule using network object NAT. For more
information, see the “Identity NAT” section on page 29-11.
Detailed Steps
Step 1 (Optional)
Command:
object network obj_name
{host ip_address | subnet subnet_address netmask | range ip_address_1 ip_address_2}
Example:
hostname(config)# object network MAPPED_IPS
hostname(config-network-object)# subnet 10.1.1.0 255.255.255.0
Purpose:
For the mapped addresses (which will be the same as the real addresses), configure a network object.
Alternatively, you can skip this step if you want to enter the IP addresses as an inline value for the
nat command.
For more information about configuring a network object, see the “Configuring Objects” section on
page 13-3.

Step 2
Command:
object network obj_name
Example:
hostname(config)# object network my-host-obj1
Purpose:
Configures a network object for which you want to perform identity NAT, or enters object network
configuration mode for an existing network object.