
Cisco ASA Series 2: Configuring NAT

Address translation replaces a packet's real address with a mapped address that is routable on the destination network. NAT consists of two steps: translating a real address into a mapped address, and reversing that translation for returning traffic.

Start by clicking the Configure button, and then clicking the NAT button.

Fig 1.1- ASDM

You will see the default NAT rule on the screen.

We will want to add an entry for the Inside VLAN. Click the default NAT rule, and then click the Edit button.

Fig 1.2- ASDM


Change the Inside address to reflect that of your network (in this lab 192.168.1.0 with a subnet mask of 255.255.255.0). When you are done, click OK. 

Now click Apply at the bottom of the ASDM screen.
Click Tools > Command Line, and enter the command show run to see what changes you have made. 

You should notice that we have successfully created one half of the NAT translation configuration by identifying the Inside VLAN’s addresses. Now we need to identify the Outside Global addresses. 

Go back to the NAT rule you just created. Click the Edit button.
Under Dynamic Translation, select the Outside interface and click Edit. This will bring up a new window where you can edit the translation rules. 


Fig 1.3- ASDM


Enter the global IP address range. In the lab, we will be using 192.168.10.2 – 192.168.10.10 with a subnet mask of 255.255.255.0.

When you are done, click the Add button.
Remove the generic Outside interface address pool by highlighting it, and selecting the Delete option.

When you are done, click Apply.
If you go back to Tools > Command Line and execute the show run command, you will now see the complete NAT configuration.
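
The following is an added example, not part of the original lab and not ASA code: a simplified Python model of the dynamic NAT behaviour configured above, using the lab's inside network and global pool. It shows both NAT steps (translation and reverse translation) and what happens once the nine-address pool is used up now that the Outside interface pool has been deleted. The class `DynamicNat`, its methods and `demo()` are hypothetical names, and translation timeouts are left out.

```python
import ipaddress

class DynamicNat:
    """Simplified model of one-to-one dynamic NAT (no PAT, no xlate timeout)."""

    def __init__(self, inside_net, pool_first, pool_last):
        self.inside = ipaddress.ip_network(inside_net)
        first = int(ipaddress.ip_address(pool_first))
        last = int(ipaddress.ip_address(pool_last))
        # Free mapped addresses, handed out lowest first.
        self.free = [ipaddress.ip_address(n) for n in range(first, last + 1)]
        self.xlate = {}    # real address -> mapped address
        self.reverse = {}  # mapped address -> real address

    def translate(self, real):
        """Outbound: real source address -> mapped address, or None."""
        real = ipaddress.ip_address(real)
        if real not in self.inside:
            return None              # the NAT rule does not match this source
        if real in self.xlate:
            return self.xlate[real]  # reuse the existing translation
        if not self.free:
            return None              # pool exhausted: no translation can be created
        mapped = self.free.pop(0)
        self.xlate[real] = mapped
        self.reverse[mapped] = real
        return mapped

    def untranslate(self, mapped):
        """Return traffic: mapped destination -> real address, if a translation exists."""
        return self.reverse.get(ipaddress.ip_address(mapped))

    def release(self, real):
        """Remove a translation and return its mapped address to the pool."""
        mapped = self.xlate.pop(ipaddress.ip_address(real), None)
        if mapped is not None:
            del self.reverse[mapped]
            self.free.append(mapped)

def demo():
    nat = DynamicNat("192.168.1.0/24", "192.168.10.2", "192.168.10.10")
    # Constructed sample: twelve inside hosts open connections in order.
    results = [nat.translate(f"192.168.1.{h}") for h in range(10, 22)]
    return nat, results

if __name__ == "__main__":
    nat, results = demo()
    for host, mapped in zip(range(10, 22), results):
        print(f"192.168.1.{host} -> {mapped or 'no free address in pool'}")
```

With only a range pool and no interface PAT fallback, the tenth concurrent inside host gets no translation until an existing one is released.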