Cisco Systems CL-28826-01 Security Camera User Manual


23-43
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 23 Configuring Network Address Translation
NAT Policies on Security Devices
Table 23-15 Network/Host Dialog Box NAT Tab (Continued)

Element: PAT Pool Address Translation

Description:

This option is available when Dynamic NAT and PAT is the selected Type. The related parameters let you specify a “pool” of IP addresses to be used specifically for port address translation, as well as change the algorithm used for PAT mapping. Refer to PAT Pools and Round Robin Allocation, page 23-40, for additional information about these features.

Check the PAT Pool Address Translation box to enable the following options:

• Use Address or Use Interface – Select Use Address to indicate that the PAT Pool Address field contains networks/hosts (or networks/hosts objects) for use as the PAT pool. Select Use Interface to provide a Fallthrough Interface.

• PAT Pool Address – Enter or select the desired Networks/Hosts or desired Interface according to your Address or Interface selection above.

• Use Round Robin Allocation for PAT Pool – Check this box to map addresses/ports using a “round-robin” approach. See PAT Pools and Round Robin Allocation, page 23-40, for more information about this option.

• Extended PAT Table (Available for ASA 8.4(3) and later, not including 8.5(1) or 8.6(1)) – Check this box to enable extended PAT. Extended PAT uses 65535 ports per service, as opposed to per IP address, by including the destination address and port in the translation information. Normally, the destination port and address are not considered when creating PAT translations, so you are limited to 65535 ports per PAT address. For example, with extended PAT, you can create a translation of 10.1.1.1:1027 when going to 192.168.1.7:23 as well as a translation of 10.1.1.1:1027 when going to 192.168.1.7:80.

• Flat Port Range (Available for ASA 8.4(3) and later, not including 8.5(1) or 8.6(1)) – Check this box to enable use of the entire 1024 to 65535 port range when allocating ports. When choosing the mapped port number for a translation, the ASA uses the real source port number if it is available. However, without this option, if the real port is not available, by default the mapped ports are chosen from the same range of ports as the real port number: 1 to 511, 512 to 1023, and 1024 to 65535. To avoid running out of ports at the low ranges, configure this setting. To use the entire range of 1 to 65535, also select Include Reserve Ports.

• Include Reserve Ports (Available for ASA 8.4(3) and later, not including 8.5(1) or 8.6(1)) – Check this box to include the reserve ports, 1-1023, in the PAT range.
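The following added example (a simplified model written for this page, not Cisco code) shows how the Flat Port Range, Include Reserve Ports and Extended PAT Table options change which mapped port a connection receives and when a range runs out. Assumptions: the class and function names are hypothetical, the lowest free port is chosen when the real port is taken, and with a flat range the real port is preferred only if it lies inside that range.

```python
from itertools import chain

# Default allocation ranges named in the text above.
RANGES = [(1, 511), (512, 1023), (1024, 65535)]

class PatPool:
    """Model of one PAT address; each translate() call is a new connection
    from a distinct real host (hypothetical helper, not an ASA API)."""

    def __init__(self, mapped_ip, flat=False, include_reserve=False, extended=False):
        self.mapped_ip = mapped_ip
        self.flat, self.include_reserve, self.extended = flat, include_reserve, extended
        self.in_use = set()  # (scope, mapped_port) pairs already allocated

    def port_range(self, real_port):
        if self.flat:
            return (1, 65535) if self.include_reserve else (1024, 65535)
        # Without Flat Port Range: stay in the real port's own range.
        return next(r for r in RANGES if r[0] <= real_port <= r[1])

    def translate(self, real_port, dst_ip, dst_port):
        # Extended PAT tracks ports per destination address/port ("per service");
        # otherwise a mapped port can be used only once per PAT address.
        scope = (dst_ip, dst_port) if self.extended else None
        lo, hi = self.port_range(real_port)
        preferred = [real_port] if lo <= real_port <= hi else []
        # Assumption: real port first, then the lowest free port in the range.
        for port in chain(preferred, range(lo, hi + 1)):
            if (scope, port) not in self.in_use:
                self.in_use.add((scope, port))
                return (self.mapped_ip, port)
        return None  # permitted range exhausted, no translation possible

def count_translated(pool, flows):
    """Number of flows that received a mapped port."""
    return sum(pool.translate(*flow) is not None for flow in flows)

# Constructed sample: 600 inside hosts, each sending from source port 123.
LOW_PORT_FLOWS = [(123, "192.168.1.7", 123)] * 600

if __name__ == "__main__":
    print("default ranges:", count_translated(PatPool("10.1.1.1"), LOW_PORT_FLOWS))
    print("flat range:    ", count_translated(PatPool("10.1.1.1", flat=True), LOW_PORT_FLOWS))
    ext = PatPool("10.1.1.1", extended=True)
    print(ext.translate(1027, "192.168.1.7", 23), ext.translate(1027, "192.168.1.7", 80))
```

In this model the default ranges leave 89 of the 600 low-port connections untranslated, which is the low-range exhaustion the Flat Port Range option is meant to avoid.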