What is Manual NAT or Twice NAT on a Cisco ASA Firewall?


Post by admin » Fri Jul 13, 2012 7:20 am

Manual NAT is the same as Twice NAT.

It is similar to Auto-NAT, with the addition of the destination IP and possibly the TCP port. Auto-NAT only works with the source IP address.

Example: I want a specific host to leave the company on a specific public IP, but only allowed to a specific destination IP address on a specific port.
Inside Host = 192.168.1.1
Public IP = 10.1.1.1
Destination = 172.16.5.1
TCP Port = 80

object-group network <source object>
 network-object <INSIDE IP ADDRESSES>

object network <object of public ip>
 host <OUTSIDE PUBLIC IP>

object service <obj-www>
 service tcp destination eq www

object network <object of destination IP>
 host <DESTINATION PUBLIC IP>

nat (source_interface,egress_interface) source dynamic <source object> <object of public ip> destination static <object of destination IP> <object of destination IP> service <obj-www> <obj-www>



***needs <object of destination IP> two times at the end

***needs <obj-www> two times at the end
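The template above filled in with the post's example values, as an added example that is not part of the original post. The interface names `inside` and `outside`, the object names and the ACL name are assumptions; the ACL is included because a NAT rule only selects which traffic is translated and does not by itself stop the host from reaching other destinations.

```cisco
! Added example (ASA 8.3+ object-based NAT). All names below are hypothetical.
object network OBJ-INSIDE-HOST
 host 192.168.1.1
object network OBJ-PUBLIC-IP
 host 10.1.1.1
object network OBJ-DEST
 host 172.16.5.1
object service OBJ-WWW
 service tcp destination eq www
!
! Twice NAT: PAT the source to 10.1.1.1 only when the packet is
! TCP/80 to 172.16.5.1. Destination and service are listed twice
! (real, then mapped) with the same object, so they stay untranslated
! and act purely as match conditions.
nat (inside,outside) source dynamic OBJ-INSIDE-HOST OBJ-PUBLIC-IP destination static OBJ-DEST OBJ-DEST service OBJ-WWW OBJ-WWW
!
! Enforcement lives in the interface ACL, not in NAT. Traffic from
! 192.168.1.1 that misses the NAT rule falls through to later NAT
! rules or leaves untranslated unless an ACL denies it.
! Assumes no ACL is already bound inbound on the inside interface.
access-list INSIDE-IN extended permit tcp host 192.168.1.1 host 172.16.5.1 eq www
access-list INSIDE-IN extended deny ip host 192.168.1.1 any log
access-list INSIDE-IN extended permit ip any any
access-group INSIDE-IN in interface inside
!
! Verification:
! Hit counters for the manual NAT rule
show nat detail
! Flow that should match the rule and be translated to 10.1.1.1
packet-tracer input inside tcp 192.168.1.1 1025 172.16.5.1 80
! Same host, different port: should miss the NAT rule and be dropped by the ACL
packet-tracer input inside tcp 192.168.1.1 1025 172.16.5.1 443
```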
