You are configuring dynamic PAT on a Cisco ASA 5500 using the CLI. The ASA is running software version 8.3.
Which of the following IP addresses can you configure inline? (Select the best answer.)
- inside global
- outside global
- inside local
- outside local
You can configure an inside global address inline if you are configuring dynamic Port Address Translation (PAT) on a Cisco Adaptive Security Appliance (ASA) using the commandline interface (CLI). A global address is a source or destination IP address as seen from the perspective of a host on the outside network. An inside global address is an IP address that represents an internal host to the outside network? it can be configured inline by using the nat command or defined within a network object.
On a Cisco ASA, a network object is a data structure that is used in place of inline IP information. You might use a network object in place of configuring IP addresses, subnet masks, protocols, and port numbers if you must configure that same information in multiple places. If the information you configure within the object ever changes, you then need only modify the single object instead of locating and modifying each instance of the inline IP information.
An object group is simply a group of network objects. By grouping network objects, you can enable the use of a single application control engine (ACE) to make requests of multiple devices.
Inside global addresses are typically public IP addresses assigned by the administrator of the outside network. Dynamic PAT can translate many inside local IP addresses to a single inside global IP address. In ASA terms, the inside global address is also known as the mapped address, because it is the IP address that you want to map to.
You are more likely to configure an inside local address in a network object or object group, not inline. A local address is a source or destination IP address as seen from the perspective of a host on the inside network. An inside local address is an IP address that represents an internal host to the inside network. Inside local addresses are typically private IP addresses defined by Request for Comments (RFC) 1918. When a NAT router receives a packet from a local host destined for the Internet, the router changes the inside local address to an inside global address and forwards the packet to its destination.
You would not necessarily configure an outside local address in this scenario. An outside local address is an IP address that represents an external host to the inside network. The outside local address is often the same as the outside global address, particularly when inside hosts attempt to access resources on the Internet. However, in some configurations, it is necessary to configure a NAT translation that allows a local address on the internal network to identify an outside host.
You would not configure an outside global address in this scenario. An outside global address is an IP address that represents an external host to the outside network. Outside global addresses are typically public IP addresses assigned to an Internet host by the host’s operator. The outside global address is usually the address registered with the Domain Name System (DNS) server that maps a host’s public IP address to a friendly name, such as www.example.com.