Chapter26 Network Address Translation
Network Address Translation Rules
26-26
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Add or Edit Dynamic Address Translation Rule: Outside to Inside
Use this help topic when you have chosen From Outside to Inside in the Add
or the Edit Dynamic Address Translation Rule window.
Add or edit an address translation rule in this window. If you are editing a rule,
the rule type (static or dynamic) and the direction are disabled. If you need to
change these settings, delete the rule, and re-create it using the settings you want.
A dynamic address translation rule dynamically maps hosts to addresses, using
addresses included in a pool of addresses that are globally unique in the
destination network. The pool is defined by specifying a range of addresses and
giving the range a unique name. The configured router uses t he available
addresses in the pool (those not used for static translations or for its own WAN IP
address) for connections to the Internet or other outside network. When an address
is no longer in use, it is returned to the address pool to be dynamically assigned
to another device later.
Note If you create a NAT rule that would translate addresses of devices that are part of
a VPN, Cisco SDM will prompt you to allow it to create a route map that protects
those addresses from being translated by NAT. If NAT is allowed to translate
addresses of devices on a VPN, their translated addresses will not match the IPSec
rule used in the IPSec policy, and traffic will be sent unencrypted.
Direction
Choose the traffic direction for this rule.
From outside to inside
Choose this option if you want to translate incoming addresses to addresses that
will be valid on your LAN. You may want to do this when you are merging
networks and must make one set of incoming addresses compatible with an
existing set on the LAN served by the router.
This help topic describes how the remaining fields are used when From outsi de to
inside is chosen.