Filter
Top Products
23-36
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 23 Configuring Network Address Translation
NAT Policies on Security Devices
Source NAT Type The type of translation rule you are creating:
• Static – Provides static assignment of real addresses to mapped
addresses.
• Dynamic PAT (Hide) – Provides dynamic assignment of multiple
local addresses to a single global IP address and a unique port
number, in effect “hiding” the local addresses behind the one
global address.
• Dynamic NAT and PAT – Provides dynamic assignment of real
addresses to mapped addresses, and real ports to mapped ports.
Selecting this option adds the PAT Pool Address Translation
options to the dialog box. On devices operating in routed mode,
this option also provides the fallthrough option described below.
Note This selection applies only to the specified source translation;
destination translation is always static.
Source Translation
Original Source The source address the NAT rule will translate. If this is a range or
network, all addresses in the range or network are translated.
Translated Source
Address
Interface
Whether the translation is based on an address or an interface on the
device. Select either:
• Address – Translate the original address using the Networks/Hosts
object specified in the Translated Source field. This entry
represents the pool of translation addresses: enter or Select the
desired Networks/Hosts; defaults to the Original Source (which
will produce an Identity NAT rule).
• Interface – Translate the original address based on the interface
specified in the Destination Interface field.
For port address translation based on this interface, be sure to
configure the options in the Service Translation section (in the
Advanced panel of this dialog box).
If the Destination Interface is not defined, the Address/Interface
selection reverts to Address and the Original Source is inserted into
the Address field. This produces an Identity NAT rule, meaning the
specified address(es) are translated to themselves (effectively not
translated); Identity NAT applies to outbound connections only.
Note These options are not available when Dynamic NAT and PAT is
the selected Type, nor are they available on devices operating in
transparent mode.
Table 23-14 Add and Edit NAT Rule Dialog Boxes (Continued)
Element Description