23-27
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter2 3 Configuring Network Address Translation
NAT Policies on Security Devices
Edit Translated Address Dialog Box
Use the Edit Translated Address dialog box to change just the translated address assigned to a static
translation rule. The translated address is the address to which the original address is changed. The
interface’s IP address can be used, or you can enter a specific IP address. See Static Rules Tab,
page 23-25 for more information about static rules and translated addresses.
Services If Policy NAT is enabled, enter or Select the Services to which the rule
applies.
Note For Static Policy NAT, IP is the only Service that can be specified.
The syntax for service and service-object specification is:
{tcp | udp | tcp&udp}/{source_port_number | port_list_object}/
{destination_port_number | port_list_object}
Note that if you enter only one port parameter, it is interpreted as the
destination port (with a source port of “any”). For example, tcp/4443 means
tcp, source port any, destination port 4443, while tcp/4443/Default Range
means tcp, source port 4443, and destination port Default Range (generally
1-65535).
As with all text-entry fields, Security Manager may display auto-complete
options. For example, if you type tcp/ in this field, an auto-complete list of
all Port Lists objects defined in Security Manager is displayed. This list will
include system-generated objects such as DEFAULT RANGE, HTTPS and
WEBPORTS.
Refer to Configuring Port List Objects, page 6-87 for more information
about Port Lists, and Configuring Service Objects, page 6-89 for more
information about defining Services.
Protocol If PAT is the selected Translation Type, select the protocol, TCP or UDP, to
which the rule applies.
Original Port If PAT is the selected Translation Type, enter the port number to be
translated.
Note that this parameter is displayed in the Static Rules table under the
column heading “Local Port.”
Translated Port If PAT is the selected Translation Type, enter the port number to which the
original port number will be translated.
Note that this parameter is displayed in the Static Rules table under the
column heading “Global Port.”
Category To assign the rule to a category, choose the category from this list. Categories
can help identify rules and objects using labels and color-coding. See Using
Category Objects, page 6-12 for more information.
Note No commands are generated for the Category attribute.
Description Enter a description of the rule.
Advanced button Click to open the Advanced NAT Options Dialog Box, page 23-28 to
configure advanced settings for this rule.
Table23-11 Add/Edit Static Rule Dialog Box (Continued)
Element Description