31-17
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter31 Configuring Twice NAT
Configuring Twice NAT
Step5 (Optional)
object service obj_name
service {tcp | udp} [source operator
port] [destination operator port]
Example:
hostname(config)# object service
REAL_SRC_SVC
hostname(config-service-object)# service
tcp source eq 80
hostname(config)# object service
MAPPED_SRC_SVC
hostname(config-service-object)# service
tcp source eq 8080
Configure service objects for:
Source or destination real port
Source or destination mapped port
A service object can contain both a source and destination port;
however, you should specify either the source or the destination
port for both service objects. You should only specify both the
source and destination ports if your application uses a fixed
source port (such as some DNS servers); but fixed source ports are
rare. NAT only supports TCP or UDP. When translating a port, be
sure the protocols in the real and mapped service objects are
identical (both TCP or both UDP). For identity NAT, you can use
the same service object for both the real and mapped ports. The
“not equal” (neq) operator is not supported.
For example, if you want to translate the port for the source host,
then configure the source service.
Command Purpose