You are configuring dynamic PAT on a Cisco ASA 5500 using the CLI. The ASA is running software version 8.3.Which of the following IP addresses must be configured within a network object or object group? (Select the best answer.)
- inside global
- outside global
- inside local
- outside local
Of the available options, an inside local address must be configured within a network object or object group if you are configuring dynamic Port Address Translation (PAT) on a Cisco Adaptive Security Appliance (ASA) 5500 using the commandline interface (CLI) if the ASA is running software version 8.3. A local address is a source or destination IP address as seen from the perspective of a host on the inside network.
On a Cisco ASA, a network object is a data structure that is used in place of inline IP information. You might use a network object in place of configuring IP addresses, subnet masks, protocols, and port numbers if you must configure that same information in multiple places. If the information you configure within the object ever changes, you then need only modify the single object instead of locating and modifying each instance of the inline IP information.
An object group is simply a group of network objects. By grouping network objects, you can enable the use of a single application control engine (ACE) to make requests of multiple devices.
An inside local address is an IP address that represents an internal host to the inside network. Inside local addresses are typically private IP addresses defined by Request for Comments (RFC) 1918. When a NAT router receives a packet from a local host destined for the Internet, the router changes the inside local address to an inside global address and forwards the packet to its destination.
You can configure an inside global address inline or as part of a network object or object group on an ASA running software version 8.3. An inside global address is an IP address that represents an internal host to the outside network. Inside global addresses are typically public IP addresses assigned by the administrator of the outside network.
You would not configure an outside global address in this scenario. An outside global address is an IP address that represents an external host to the outside network. Outside global addresses are typically public IP addresses assigned to an Internet host by the host’s operator. The outside global address is usually the address registered with the Domain Name System (DNS) server that maps a host’s public IP address to a friendly name, such as www.example.com.You are not likely to configure an outside local address in this scenario. An outside local address is an IP address that represents an external host to the inside network. The outside local address is often the same as the outside global address, particularly when inside hosts attempt to access resources on the Internet. However, in some configurations, it is necessary to configure a NAT translation that allows a local address on the internal network to identify an outside host.