23-5
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 23 Configuring Network Address Translation
Bi-directional or Twice NAT
When creating a manual static rule, you can select the “Bi-directional” option, which will produce an
entry in the rules table that actually represents two static NAT rules, encompassing both translation
directions. That is, a static rule is created for the specified source/translated address pairing, along with
a mirror rule for the translated address/source pairing.
For example, if Bi-directional is chosen when you create a static rule with Host1 in the Source field and
Host2 in the Translated field, two lines are added to the rules table: one with Host1 being translated to
Host2, and one with Host2 being translated to Host1.
This is sometimes referred to as “Twice NAT” because only one look-up is required to fetch and process
what is in effect two rules.
Many-to-one Addressing
Generally, static NAT rules are configured with one-to-one address mapping. However, you can now
define static NAT rules in which many IP addresses map to a few or one IP address. Functionally,
many-to-few is the same as many-to-one, but because the configuration is more complicated, we
recommend creating a many-to-one rule for each address as needed.
Many-to-one addressing might be useful, for example, in a situation where a range of public IP addresses
is used to reach a load balancer which redirects requests to an internal network.
Related Topics
Configuring NAT on ASA 8.3+ Devices, page 23-32
Add and Edit NAT Rule Dialog Boxes, page 23-35
Add or Edit Network/Host Dialog Box: NAT Tab, page 23-41
NAT Policies on Cisco IOS Routers
You can configure NAT policies on a Cisco IOS router from the following tabs on the NAT policy page:
NAT Page: Interface Specification, page 23-6
NAT Page: Static Rules, page 23-6
NAT Page: Dynamic Rules, page 23-10
NAT Page: Timeouts, page 23-13
Network Address Translation (NAT) converts private, internal LAN addresses into globally routable IP
addresses. NAT enables a small number of public IP addresses to provide global connectivity for a large
number of hosts.
For more information, see Understanding Network Address Translation, page 23-2.
Navigation Path
(Device view) Select NAT from the Policy selector.
(Policy view) Select NAT (Router) from the Policy Type selector. Select an existing policy from the
Shared Policy selector, or create a new one.