- Symmetric NAT
Standard, very restrictive. Only the original source and destination hosts can communicate with each other.
- Full-cone NAT
Any external host can use the NAT binding (the entry for the translation in the connection table) and communicate with the internal server. Neither the external IP nor the external port is checked when processing TCP/UDP packets.
- Restricted-cone NAT
Only the single remote host can use the NAT binding. The port is irrelevant.
- Port-restricted-cone NAT
The reverse of the "Restricted-cone NAT". Every host can reuse the NAT binding as long as it is using the original destination port number that was used when the NAT binding was created and stored in the NAT table in the FW memory. Take a look at the "X" and "V" paths in the illustration below:

Despite a good theoretical explanation that you can find on Cisco, I wasn't able to find a working example for ASA. I found only some spare documents for the wireless routes in the context of the SIP protocol. Does ASA support these NAT types?
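The four filtering behaviours listed above can be compared side by side in a small model. This is an added example, not code from the original post or from Cisco, and it says nothing about what ASA implements. The `Binding` class, the function names and all addresses are constructed for illustration.

```python
from dataclasses import dataclass

# Which fields of an inbound packet's source are compared with the remote
# endpoint stored in the binding, following this page's four descriptions.
# (RFC 3489's port-restricted cone compares the address as well as the port.)
POLICY = {
    "symmetric":            {"ip": True,  "port": True},
    "full-cone":            {"ip": False, "port": False},
    "restricted-cone":      {"ip": True,  "port": False},
    "port-restricted-cone": {"ip": False, "port": True},
}

@dataclass(frozen=True)
class Binding:
    inside: tuple   # (ip, port) of the internal host
    outside: tuple  # (ip, port) the firewall translated it to
    remote: tuple   # (ip, port) the internal host originally contacted

def inbound_allowed(nat_type, binding, src, dst):
    """True if a packet from src to dst may be forwarded through the binding."""
    if dst != binding.outside:      # no binding for this address/port at all
        return False
    check = POLICY[nat_type]
    if check["ip"] and src[0] != binding.remote[0]:
        return False
    if check["port"] and src[1] != binding.remote[1]:
        return False
    return True

def exposure(nat_type, binding, probes):
    """Names of the probe sources that reach the internal host."""
    return [name for name, src in probes.items()
            if inbound_allowed(nat_type, binding, src, binding.outside)]

# Constructed sample data (documentation address ranges, not from the page).
BINDING = Binding(("10.0.0.5", 5060), ("198.51.100.1", 40000), ("203.0.113.10", 5060))
PROBES = {
    "original peer":          ("203.0.113.10", 5060),
    "same host, other port":  ("203.0.113.10", 6000),
    "other host, same port":  ("192.0.2.77", 5060),
    "other host, other port": ("192.0.2.77", 6000),
}

if __name__ == "__main__":
    for nat_type in POLICY:
        print(f"{nat_type:22} {exposure(nat_type, BINDING, PROBES)}")
```

The length of each returned list is a rough measure of how much of the outside world can reach the internal host through one binding, which is the property to weigh when choosing or auditing a NAT mode.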
References
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-3/anatomy.html
https://supportforums.cisco.com/thread/2178132