Filter
Top Products
23-38
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 23 Configuring Network Address Translation
NAT Policies on Security Devices
Destination Translation
Use the options in this section to configure optional static translation of destination addresses:
Note If defined, Destination Translation is always static, regardless of the rule Type.
Note These options are not available on devices operating in transparent mode.
Original Destination
Address
Interface
Whether the translation is based on an address or an interface on the
device. Select either:
• Address - Translate the original destination using the
Networks/Hosts object specified in the Translated Destination
field.
If Address is selected, specify the Networks/Hosts object, whose
original destination addresses should be translated, in the Original
Destination entry field.
• Interface – Translate the original destination using the
Networks/Hosts object specified in the Translated Destination
field.
If Interface is selected, enter or select the desired interface in the
Destination Interface field. The Interface Selector list contains all
interfaces currently defined on the device.
Translated Destination This entry represents the pool of destination addresses to use for
translation: enter or select the desired Networks/Hosts object.
Service Translation
Use the options in this section to configure port address translation.
These service objects represent a service protocol (TCP or UDP), and one or more ports. The mapping
of original ports to translated port is circular. That is, the first original value is mapped to the first
translated value, and the second original value is mapped to the second translated value, and so on until
all original values are translated. If the pool of translated port is exhausted before that point, mapping
continues using the first translated value again. See Understanding and Specifying Services and
Service and Port List Objects, page 6-86 for information about configuring service objects.
Note Service Translation and the following Translate DNS replies that match this rule option
cannot be used together.
Original Service Enter or select the Service object that defines the service(s) to be
translated. Leave the Original Service field blank to configure
translation of any service to the specified Translated Service.
Note The protocol specified in both Service objects must be the
same.
Translated Service Enter or select the Service object that provides the service(s) to be used
for translation.
Options
Table 23-14 Add and Edit NAT Rule Dialog Boxes (Continued)
Element Description