Filter
Top Products
23-37
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 23 Configuring Network Address Translation
NAT Policies on Security Devices
PAT Pool Address
Translation
This option is available when Dynamic NAT and PAT is the selected
Type. The related parameters let you specify a “pool” of IP addresses
to be used for specifically for port address translation, as well as change
the algorithm used for PAT mapping. Refer to PAT Pools and Round
Robin Allocation, page 23-40 for additional information about these
features.
Check the PAT Pool Address Translation box to enable the following
options:
• Address or Interface – Select Address to indicate that the PAT
Pool Address field contains networks/hosts (or networks/hosts
objects) for use as the PAT pool. Select Interface to provide a
Fallthrough Interface.
• Address – Enter or Select the desired Networks/Hosts or desired
Interface according to your Address or Interface selection above.
• Use Round Robin Allocation – Check this box to map
addresses/ports using a “round-robin” approach. See PAT Pools
and Round Robin Allocation, page 23-40 for more information
about this option.
• Extended PAT Table (Available for ASA 8.4(3) and later, not
including 8.5(1) or 8.6(1)) - Check this box to enable extended
PAT. Extended PAT uses 65535 ports per service, as opposed to per
IP address, by including the destination address and port in the
translation information. Normally, the destination port and address
are not considered when creating PAT translations, so you are
limited to 65535 ports per PAT address. For example, with
extended PAT, you can create a translation of 10.1.1.1:1027 when
going to 192.168.1.7:23 as well as a translation of 10.1.1.1:1027
when going to 192.168.1.7:80. This option is available for ASA
8.4(3) and later, not including 8.5(1) or 8.6(1).
• Flat Port Range (Available for ASA 8.4(3) and later, not including
8.5(1) or 8.6(1)) - Check this box to enable use of the entire 1024
to 65535 port range when allocating ports. When choosing the
mapped port number for a translation, the ASA uses the real source
port number if it is available. However, without this option, if the
real port is not available, by default the mapped ports are chosen
from the same range of ports as the real port number: 1 to 511, 512
to 1023, and 1024 to 65535. To avoid running out of ports at the
low ranges, configure this setting. To use the entire range of 1 to
65535, also select Include Reserve Ports.
• Include Reserve Ports (Available for ASA 8.4(3) and later, not
including 8.5(1) or 8.6(1)) - Check this box to include the reserve
ports, 1-1023, in the PAT range.
Table 23-14 Add and Edit NAT Rule Dialog Boxes (Continued)
Element Description