NAT in ASA Firewall
•
6 likes•1,067 views
This document discusses different types of Network Address Translation (NAT) that can be configured on an ASA firewall. It provides details on static NAT, dynamic NAT, dynamic port address translation (PAT), identity NAT, and policy NAT. It also covers the order of preference between NAT types and discusses the differences between auto NAT and manual NAT. Key commands for viewing NAT translations are listed such as 'sh xlate', 'sh nat', and 'sh local-host'.
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to NAT in ASA Firewall
Similar to NAT in ASA Firewall (20)
More from NetProtocol Xpert
More from NetProtocol Xpert (20)
Recently uploaded
Recently uploaded (20)
NAT in ASA Firewall
- 1. NAT IN ASA FIREWALL WWW.NETPROTOCOLXPERT.IN
- 3. WHAT IS THE COMMAND TO SWITCH BACK TO SINGLE MODE? • # MODE SINGLE WHAT ARE DIFFERENT TYPES OF NAT IN ASA? • STATIC NAT - A CONSISTENT MAPPING BETWEEN A REAL AND MAPPED IP ADDRESS. IT ALLOWS BIDIRECTIONAL TRAFFIC INITIATION. • DYNAMIC NAT - A GROUP OF REAL IP ADDRESSES ARE MAPPED TO A (USUALLY SMALLER) GROUP OF MAPPED IP ADDRESSES ON A FIRST COME FIRST SERVED BASIS. IT ALLOWS ONLY UNIDIRECTIONAL TRAFFIC INITIATION. • DYNAMIC PORT ADDRESS TRANSLATION (PAT) - A GROUP OF REAL IP ADDRESSES ARE MAPPED TO A SINGLE IP ADDRESS USING A UNIQUE SOURCE PORT OF THAT IP ADDRESS. • IDENTITY NAT - A REAL ADDRESS IS STATICALLY TRANSLATED TO ITSELF, ESSENTIALLY BYPASSING NAT.
- 4. WHAT IS POLICY NAT? • POLICY NAT ALLOWS YOU TO NAT BY SPECIFYING BOTH THE SOURCE AND DESTINATION ADDRESSES IN AN EXTENDED ACCESS LIST. WE CAN ALSO OPTIONALLY SPECIFY THE SOURCE AND DESTINATION PORTS. REGULAR NAT CAN ONLY CONSIDER THE SOURCE ADDRESSES, NOT THE DESTINATION ADDRESS . • IN STATIC NAT IT IS CALLED AS STATIC POLICY NAT. • IN DYNAMIC NAT IT IS CALLED AS DYNAMIC POLICY NAT.
- 5. GIVE THE ORDER OF PREFERENCE BETWEEN DIFFERENT TYPES OF NAT? 1.NAT EXEMPTION. 2.EXISTING TRANSLATION IN XLATE. 3.STATIC NAT • STATIC IDENTITY NAT • STATIC POLICY NAT • STATIC NAT • STATIC PAT 4.DYNAMIC NAT • NAT ZERO • DYNAMIC POLICY NAT • DYNAMIC NAT • DYNAMIC PAT
- 6. WHAT IS THE DIFFERENCE BETWEEN AUTO NAT & MANUAL NAT? • AUTO NAT (NETWORK OBJECT NAT) - IT ONLY CONSIDERS THE SOURCE ADDRESS WHILE PERFORMING NAT. SO, AUTO NAT IS ONLY USED FOR STATIC OR DYNAMIC NAT. AUTO NAT IS CONFIGURED WITHIN AN OBJECT. • MANUAL NAT (TWICE NAT) - MANUAL NAT CONSIDERS EITHER ONLY THE SOURCE ADDRESS OR THE SOURCE AND DESTINATION ADDRESS WHILE PERFORMING NAT. IT CAN BE USED FOR ALMOST ALL TYPES OF NAT LIKE NAT EXEMPT, POLICY NAT ETC. UNLIKE AUTO NAT THAT IS CONFIGURED WITHIN AN OBJECT, MANUAL NAT IS CONFIGURED DIRECTLY FROM THE GLOBAL CONFIGURATION MODE.
- 7. • GIVE NAT ORDER IN TERMS OF AUTO NAT & MANUAL NAT? • NAT IS ORDERED IN 3 SECTIONS. SECTION 1 – MANUAL NAT SECTION 2 – AUTO NAT SECTION 3 – MANUAL NAT AFTER-AUTO
- 8. WHAT ARE THE COMMAND TO SEE NAT TRANSLATIONS? • # SH XLATE • # SH NAT WHAT IS THE COMMAND TO SEE BOTH NAT TABLE AND CONNECTION TABLE? • # SH LOCAL-HOST