Which of the following statements is true regarding network object NAT on an ASA? (Select the best answer.)
A.
A single NAT rule can apply to both a source and destination address.
B.
A network object or group is a parameter of the NAT configuration.
C.
Network object NAT is more scalable than twice NAT.
D.
Network object NAT can use network object groups to specify real and mapped addresses.
E.
Network object NAT is easier to configure than twice NAT.
Explanation:
Network object Network Address Translation (NAT) is easier to configure than twice NAT on a Cisco Adaptive
Security Appliance (ASA) configuration. You can implement NAT in two ways on an ASA: network object NAT
and twice NAT. With network object NAT, NAT is a parameter of a network object and the network object
serves as the real address for the translation. Network object NAT can apply to either a source or destination
address? however, two separate NAT rules would be required to translate both a source and destination
address. Because of these restrictions and limitations, network object NAT is easier to configure than twice
NAT.
By contrast, twice NAT can use network objects and groups to represent real and mapped addresses. The
network objects or groups in a twice NAT configuration are parameters of the NAT configuration and can
represent source real, source mapped, destination real, and destination mapped addresses. In addition, service
objects can be used to represent real and mapped source and destination network ports. Twice NAT can
specify both source and destination addresses in a single NAT rule, which makes it more scalable than network
object NAT. However, the additional capabilities of twice NAT make it more difficult to configure than network
object NAT.Cisco: Information About NAT: How NAT is Implemented