Filter
Top Products
23-47
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 23 Configuring Network Address Translation
NAT Policies on Security Devices
• Permit UDP from any (IPv4 and IPv6) to domain
These rules do not appear in the rule table.
Note You cannot remove these rules, and they always exist after any manually-created rules. Because rules
are evaluated in order, you can override the default rules. For example, to completely negate these rules,
you could add the following:
Deny TCP from any (IPv4 and IPv6) to any (IPv4 and IPv6)
Deny UDP from any (IPv4 and IPv6) to domain
Navigation Path
From the Per-Session NAT Rules: ASA 9.0(1)+ page, do one of the following:
• To add a rule, select the rule under which you want the rule added, and then click the Add Row
button below the rules table, or right-click anywhere inside the table and choose Add Row to open
the Add Per-Session NAT Rule dialog box.
• To edit a rule, select the rule and click the Edit Row button, or simply right-click the rule and choose
Edit Row to open the Edit Per-Session NAT Rule dialog box for that rule.
Related Topics
• Per-Session NAT Rules
• Chapter 23, “Configuring Network Address Translation”
• Translation Rules: ASA 8.3+, page 23-32
• Add or Edit Network/Host Dialog Box: NAT Tab, page 23-41
Field Reference
Table 23-16 Add and Edit NAT Rule Dialog Boxes
Element Description
Action The action for this rule: Permit or Deny.
A permit rule uses per-session PAT; a deny rule uses multi-session PAT.
Original Network The source address or addresses (or Networks/Hosts objects) to which
the rule applies. If this is a range or network, all addresses in the range
or network are translated.
Destination Network The destination address or addresses (or Networks/Hosts objects) to
which the rule applies.
Service (tcp/udp Only) Enter or Select the Service object that defines the service(s) to be
translated.
These service objects represent a service protocol (TCP or UDP), and
one or more ports. See Understanding and Specifying Services and
Service and Port List Objects, page 6-86 for information about
configuring service objects.