On the Cisco ASA Software Version 8.3 and later, which type of NAT configuration can be used to
translate the source and destination IP addresses of the packet?
A. auto NAT
B. object NAT
C. one-to-one NAT
D. many-to-one NAT
E. manual NAT
F. identity NAT
Explanation:
http://tunnelsup.com/2011/06/24/nat-for-cisco-asas-version-8-3/
Manual NAT or Twice NAT or Policy NAT or Reverse NAT
The limitation that Auto NAT has is that it cannot take the destination into consideration when
conducting its NAT. This also of course results in it not being able to alter the destination address
either. To accomplish either of these tasks you must use “manual NAT”.
All of these terms are identical: Manual NAT, Twice NAT, Policy NAT, Reverse NAT. Don’t be
confused by fancy mumbo jumbo.
http://www.cisco.com/en/US/docs/security/asa/asa83/asdm63/configuration_guide/nat_overview.html#wpxref64594
Main Differences Between Network Object NAT and Twice NAT
The main differences between these two NAT types are:
• How you define the real address.
  – Network object NAT—You define NAT as a parameter for a network object; the network object
    definition itself provides the real address. This method lets you easily add NAT to network objects.
    The objects can also be used in other parts of your configuration, for example, for access rules or
    even in twice NAT rules.
  – Twice NAT—You identify a network object or network object group for both the real and mapped
    addresses. In this case, NAT is not a parameter of the network object; the network object or group
    is a parameter of the NAT configuration. The ability to use a network object group for the real
    address means that twice NAT is more scalable.
• How source and destination NAT is implemented.
  – Network object NAT—Each rule can apply to either the source or destination of a packet. So two
    rules might be used, one for the source IP address, and one for the destination IP address. These
    two rules cannot be tied together to enforce a specific translation for a source/destination
    combination.
  – Twice NAT—A single rule translates both the source and destination. A matching packet only
    matches the one rule, and further rules are not checked. Even if you do not configure the optional
    destination address for twice NAT, a matching packet still only matches one twice NAT rule. The
    source and destination are tied together, so you can enforce different translations depending on
    the source/destination combination. For example, sourceA/destinationA can have a different
    translation than sourceA/destinationB.
• Order of NAT Rules.
  – Network object NAT—Automatically ordered in the NAT table.
  – Twice NAT—Manually ordered in the NAT table (before or after network object NAT rules).
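
The sourceA/destinationA versus sourceA/destinationB case described above, written as ASA 8.3+ configuration next to a network object NAT rule for comparison. This is an added example, not taken from the original page or from Cisco's documentation; the interface names (inside, dmz, outside), object names and addresses are all constructed.

```cisco
! Constructed objects: every name and address here is illustrative.
object network INSIDE-NET
 subnet 10.1.1.0 255.255.255.0
object network SRC-MAPPED-A
 host 203.0.113.10
object network SRC-MAPPED-B
 host 203.0.113.20
object network DEST-A-REAL
 host 198.51.100.10
object network DEST-A-MAPPED
 host 10.99.0.10
object network DEST-B
 host 198.51.100.20

! Network object NAT: NAT is a parameter of the object itself.
! The rule translates this one address and cannot be tied to a
! particular peer on the other side of the connection.
object network DMZ-WEB
 host 172.16.1.10
 nat (dmz,outside) static 203.0.113.50

! Twice NAT, sourceA/destinationA: inside hosts that address
! 10.99.0.10 are sent to the real server 198.51.100.10, and their
! source is translated to 203.0.113.10. One rule rewrites both the
! source and the destination of the packet.
nat (inside,outside) source dynamic INSIDE-NET SRC-MAPPED-A destination static DEST-A-MAPPED DEST-A-REAL

! Twice NAT, sourceA/destinationB: same real source, different
! translation (203.0.113.20) when the destination is 198.51.100.20.
! Using the same object for mapped and real leaves the destination
! address unchanged; it is only used as a match condition.
nat (inside,outside) source dynamic INSIDE-NET SRC-MAPPED-B destination static DEST-B DEST-B
```

After applying rules like these, `show nat` lists the twice NAT rules in the order they were entered, separately from the automatically ordered network object NAT rules.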