Manuals / Cisco Systems / Computer Equipment / Network Router

Cisco Systems and the ASA Services Module Static Interface NAT with Port Translation section on

Models: ASA 5555-X and the ASA Services Module ASA 5545-X ASA 5585-X ASA 5580 ASA 5505

1 712
Download 712 pages 25.77 Kb
Page 149
Image 149

Chapter 5 Configuring Twice NAT

Configuring Twice NAT

 

Command

Purpose

Step 3

 

 

nat [(real_ifc,mapped_ifc)]

Configures identity NAT. See the following guidelines:

 

[line {after-object [line]}]

Interfaces—(Required for transparent mode) Specify the real

 

source static {nw_obj nw_obj any any}

 

[destination static {mapped_obj

and mapped interfaces. Be sure to include the parentheses in

 

interface [ipv6]} real_obj]

your command. In routed mode, if you do not specify the real

 

[service real_src_mapped_dest_svc_obj

and mapped interfaces, all interfaces are used; you can also

 

mapped_src_real_dest_svc_obj]

 

specify the keyword any for one or both of the interfaces.

 

[no-proxy-arp][route-lookup] [inactive]

 

 

 

[description desc]

Section and Line—(Optional) By default, the NAT rule is

 

 

added to the end of section 1 of the NAT table. See the “NAT

 

Example:

Rule Order” section on page 3-18for more information about

 

sections. If you want to add the rule into section 3 instead

 

ciscoasa(config)# nat (inside,outside)

 

source static MyInsNet MyInsNet

(after the network object NAT rules), then use the after-auto

 

destination static Server1 Server1

keyword. You can insert a rule anywhere in the applicable

 

 

section using the line argument.

 

 

Source addresses—Specify a network object, group, or the

 

 

any keyword for both the real and mapped addresses.

 

 

Destination addresses (Optional):

 

 

Mapped—Specify a network object or group, or for static

 

 

interface NAT with port translation only, specify the

 

 

interface keyword (routed mode only).If you specify

 

 

ipv6, then the IPv6 address of the interface is used. If you

 

 

specify interface, be sure to also configure the service

 

 

keyword (in this case, the service objects should include

 

 

only the destination port). For this option, you must

 

 

configure a specific interface for the real_ifc. See the

 

 

“Static Interface NAT with Port Translation” section on

 

 

page 3-5for more information.

 

 

Real—Specify a network object or group. For identity

 

 

NAT, simply use the same object or group for both the

 

 

real and mapped addresses.

 

 

Port—(Optional) Specify the service keyword along with the

 

 

real and mapped service objects. For source port translation,

 

 

the objects must specify the source service. The order of the

 

 

service objects in the command for source port translation is

 

 

service real_obj mapped_obj. For destination port

 

 

translation, the objects must specify the destination service.

 

 

The order of the service objects for destination port

 

 

translation is service mapped_obj real_obj. In the rare case

 

 

where you specify both the source and destination ports in the

 

 

object, the first service object contains the real source

 

 

port/mapped destination port; the second service object

 

 

contains the mapped source port/real destination port. For

 

 

identity port translation, simply use the same service object

 

 

for both the real and mapped ports (source and/or destination

 

 

ports, depending on your configuration).

 

 

 

Cisco ASA Series Firewall CLI Configuration Guide

5-23

Page 148 Page 150
Page 149
Image 149
Cisco Systems and the ASA Services Module, ASA 5505, ASA 5545-X manual Static Interface NAT with Port Translation section on
Page 148 Page 150

ASA 5555-X, and the ASA Services Module, ASA 5545-X, ASA 5585-X, ASA 5580 specifications

Cisco Systems has long been a leader in the field of network security, and its Adaptive Security Appliance (ASA) series is a testament to this expertise. Within the ASA lineup, models such as the ASA 5505, ASA 5580, ASA 5585-X, ASA 5545-X, and ASA 5555-X stand out for their unique features, capabilities, and technological advancements.

The Cisco ASA 5505 is designed for small businesses or branch offices. It provides essential security features such as firewall protection, flexible VPN capabilities, and intrusion prevention. The ASA 5505 supports a user-friendly interface, allowing for straightforward management. Its built-in threat detection and prevention tools provide a layered defense, and with scalability in mind, it can accommodate various expansion options as organizational needs grow.

Moving up the line, the ASA 5580 delivers greater throughput and advanced security features. This model is suited for medium to large enterprises that require robust protection against increasingly sophisticated threats. Its multi-core architecture allows it to manage high volumes of traffic seamlessly while maintaining excellent performance levels. The ASA 5580 also supports application-layer security and customizable access policies, making it highly adaptable to diverse security environments.

The ASA 5585-X further enhances Cisco's security offerings with advanced malware protection and extensive security intelligence capabilities. It incorporates next-generation firewall features, including context-aware security, and supports advanced threat detection technologies. This model is ideal for large enterprises or data centers that prioritize security while ensuring uninterrupted network performance and availability.

For enterprises requiring a balance of performance and security, the ASA 5545-X presents a compelling option. This model features scalable performance metrics, high availability, and integrated advanced threat protection. Coupled with advanced endpoint protection and detailed monitoring capabilities, the ASA 5545-X enables organizations to manage their security posture effectively.

Lastly, the ASA 5555-X blends cutting-edge technologies with strong security infrastructures. It boasts high throughput and the ability to execute deep packet inspections. Its sophisticated architecture supports threat intelligence feeds that provide real-time security updates, making it a powerful tool against modern threats.

Each of these Cisco ASA models brings specific advantages to varied environments. Their integrative capabilities enable businesses to enhance their security postures while benefiting from seamless scalability and management. As cybersecurity threats evolve, these advanced appliances play a vital role in protecting valuable digital assets.