You are configuring dynamic PAT on a Cisco ASA 5500 using the CLI. The ASA is running software version
8.3.
Which of the following IP addresses can you configure inline? (Select the best answer.)
A.
inside global
B.
outside global
C.
inside local
D.
outside local
Explanation:
You can configure an inside global address inline if you are configuring dynamic Port Address Translation
(PAT) on a Cisco Adaptive Security Appliance (ASA) using the commandline interface (CLI). A global address
is a source or destination IP address as seen from the perspective of a host on the outside network. An inside
global address is an IP address that represents an internal host to the outside network? it can be configured
inline by using the nat command or defined within a network object.
On a Cisco ASA, a network object is a data structure that is used in place of inline IP information. You might
use a network object in place of configuring IP addresses, subnet masks, protocols, and port numbers if you
must configure that same information in multiple places. If the information you configure within the object ever
changes, you then need only modify the single object instead of locating and modifying each instance of the
inline IP information.
An object group is simply a group of network objects. By grouping network objects, you can enable the use of a
single application control engine (ACE) to make requests of multiple devices.
Inside global addresses are typically public IP addresses assigned by the administrator of the outside network.
Dynamic PAT can translate many inside local IP addresses to a single inside global IP address. In ASA terms,
the inside global address is also known as the mapped address, because it is the IP address that you want to
map to.
You are more likely to configure an inside local address in a network object or object group, not inline. A local
address is a source or destination IP address as seen from the perspective of a host on the inside network. An
inside local address is an IP address that represents an internal host to the inside network. Inside local
addresses are typically private IP addresses defined by Request for Comments (RFC) 1918. When a NAT
router receives a packet from a local host destined for the Internet, the router changes the inside local address
to an inside global address and forwards the packet to its destination.
You would not necessarily configure an outside local address in this scenario. An outside local address is an IP
address that represents an external host to the inside network. The outside local address is often the same as
the outside global address, particularly when inside hosts attempt to access resources on the Internet.
However, in some configurations, it is necessary to configure a NAT translation that allows a local address on
the internal network to identify an outside host.
You would not configure an outside global address in this scenario. An outside global address is an IP address
that represents an external host to the outside network. Outside global addresses are typically public IP
addresses assigned to an Internet host by the host’s operator. The outside global address is usually the
address registered with the Domain Name System (DNS) server that maps a host’s public IP address to a
friendly name, such as www.example.com.Cisco: Cisco ASA 5500 Series Configuration Guide Using the CLI, 8.3: Configuring Dynamic PAT (Hide)