23-18
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 23 Configuring Network Address Translation
NAT Policies on Security Devices
Translation Rules: PIX, FWSM, and pre-8.3 ASA
Use the Translation Rules page to define network address translation (NAT) rules on the selected device.
The Translation Rules page consists of the following tabs:
• Translation Exemptions (NAT 0 ACL), page 23-19 – Use this tab to configure rules specifying traffic that is exempt from address translation.
  Note: Translation exemptions are only supported by PIX, ASA and FWSM devices in router mode, and FWSM 3.2 devices in transparent mode. Other devices in transparent mode support only static translation rules.
• Dynamic Rules Tab, page 23-21 – Use this tab to configure dynamic NAT and PAT rules.
  Note: Dynamic translation rules are only supported by PIX, ASA and FWSM devices in router mode, and FWSM 3.2 devices in transparent mode. Other devices in transparent mode support only static translation rules.
• Policy Dynamic Rules Tab, page 23-23 – Use this tab to configure dynamic translation rules based on source and destination addresses and services.
  Note: Policy dynamic rules are only supported by PIX, ASA and FWSM devices in router mode, and FWSM 3.2 devices in transparent mode. Other devices in transparent mode support only static translation rules.
Table 23-6 Address Pools Dialog Box (Continued)
Element | Description
Pool ID | Enter a unique identification number for this address pool, an integer between 1 and 2147483647. When configuring a dynamic NAT rule, you select a Pool ID to specify the pool of addresses to be used for translation.
IP address ranges | Enter or Select the addresses to be assigned to this address pool. You can specify these addresses as follows:
  • Address range for dynamic NAT (e.g., 192.168.1.1-192.168.1.15)
  • Subnetwork (e.g., 192.168.1.0/24)
  • List of addresses separated by commas (e.g., 192.168.1.1, 192.168.1.2, 192.168.1.3)
  • Single address to use for PAT (e.g., 192.168.1.1)
  • Combinations of the above (e.g., 192.168.1.1-192.168.1.15, 192.168.1.25)
  • Names of hosts on the connected network; these will be resolved to IP addresses.
Description | Enter a description for the address pool.
Enable Interface PAT | When checked, port address translation is enabled on the specified interface.
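The following Python sketch is an added example, not part of the Cisco guide or of Security Manager. It checks a planned pool definition against the Pool ID bounds and the address formats listed in the table before the values are entered. The function names, the host-name pattern and the overlap check are assumptions made for illustration; the overlap check goes beyond what the table states.

```python
import ipaddress
import re

POOL_ID_MAX = 2147483647  # upper bound given in the Pool ID field description
HOSTNAME = re.compile(r"^[A-Za-z][A-Za-z0-9_.-]*$")  # assumed host-name shape

def parse_entry(entry):
    """Classify one comma-separated item; return (kind, first, last)."""
    entry = entry.strip()
    if "-" in entry and entry[0].isdigit():
        # Address range such as 192.168.1.1-192.168.1.15
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        if lo > hi:
            raise ValueError(f"reversed range: {entry}")
        return ("range", lo, hi)
    if "/" in entry:
        # Subnetwork; strict=True rejects host bits set in the prefix
        net = ipaddress.IPv4Network(entry, strict=True)
        return ("subnet", net.network_address, net.broadcast_address)
    if entry and entry[0].isdigit():
        addr = ipaddress.IPv4Address(entry)
        return ("single", addr, addr)
    if HOSTNAME.match(entry):
        return ("hostname", None, None)  # resolved elsewhere, not checked here
    raise ValueError(f"unrecognised entry: {entry!r}")

def check_pool(pool_id, spec):
    """Validate a pool; return (entries, overlapping entry pairs)."""
    if not (isinstance(pool_id, int) and 1 <= pool_id <= POOL_ID_MAX):
        raise ValueError(f"Pool ID out of range: {pool_id}")
    entries = [(e.strip(), *parse_entry(e)) for e in spec.split(",")]
    spans = [e for e in entries if e[1] != "hostname"]
    overlaps = []
    for i, a in enumerate(spans):
        for b in spans[i + 1:]:
            # Two inclusive intervals overlap when each starts before the other ends
            if a[2] <= b[3] and b[2] <= a[3]:
                overlaps.append((a[0], b[0]))
    return entries, overlaps

if __name__ == "__main__":
    # Constructed input built from the example addresses in the table
    parsed, dup = check_pool(10, "192.168.1.1-192.168.1.15, 192.168.1.25")
    print([(text, kind) for text, kind, _, _ in parsed], dup)
```
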