The Policy Based NAT on a Cisco ASA module provides you with the instructions and Cisco hardware to develop your hands on skills in the following topics:

  • Configuring Policy based NAT with Source and Destination IP Addresses
  • Configuring Policy based NAT using Destination Ports

Exercise 1 - Configuring Policy Based NAT with Source and Destination IP Addresses

In this exercise, you will configure Policy based NAT, or simply policy NAT on a Cisco ASA.

Policy NAT lets you apply address translation by specifying the source and destination addresses in an extended access list. You can also optionally specify the source and destination ports. Regular NAT can only consider the source addresses.

PLABMGMT will be the internal device whose IP address will be Policy NAT’d, while PLABEXTCLI will be the external device that will be used to test the NAT configuration.

Currently, the lab topology is set up with Dynamic PAT where all of the internal devices on the subnet are Port Address Translated to the external IP address of the firewall which is You will configure Policy NAT so that** PLABMGMT** which has an internal IP address of will be translated to only when communicating with PLABEXTCLI which has an IP address of

Exercise 2 - Configuring Policy Based NAT using Destination Ports

In this exercise, you will modify your previous configuration such that policy NAT will use destination TCP ports as well as destination IP addresses.

Specifically, you will configure a policy NAT translation that will translate the IP address of PLABMGMT to whenever connecting to PLABEXTCLI using port 80.

Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.