Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

How to configure bi-directional NAT on the PIX/Adaptive Security Appliance (ASA) Firewall

Resolution

Cisco PIX 6.2 and later versions allow the application of Network Address Translation (NAT) and Port Address Translation (PAT) to traffic from an outside interface to an inside interface. This feature is referred to as bi-directional NAT. An outside interface is less secure, whereas an inside interface is considered more secure.

Outside NAT/PAT is similar to inside NAT/PAT, but the address translation is applied to addresses of hosts that reside on the outer interfaces of the PIX, which are less secure.


  • In order to configure dynamic outside NAT, specify the addresses to be translated on the outside interface, which is less secure. Then specify the global address or addresses on the secure inside interface.

    

  • In order to configure static outside NAT, use the static command to specify the one-to-one mapping.   


For configuration information, refer to the Outside NAT section of Using nat, global, static, conduit, and access-list Commands and Port Redirection on PIX.

Refer to the Using Outside NAT section of Establishing Connectivity for further information on outside NAT.


Note: For PIX Firewall version 7.0 and later, refer to PIX/ASA 7.x NAT and PAT Statements.

Refer to PIX 7.0 and Adaptive Security Appliance Port Redirection(Forwarding) with nat, global, static, conduit, and access-list Commands in order to understand how nat and static commands work on PIX 7.x.

Refer to the Configuring NAT Control section of Applying NAT on the ASA.

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 03:37 PM
Updated by:
 
Labels (1)