Firewall
Configuring NAT Rules to Securely Access a Remote Network
Cisco ISA500 Series Integrated Security Appliances Administration Guide
For example, if an advanced NAT rule and a port forwarding rule conflict, then the
advanced NAT rule will take precedence over the port forwarding rule and the
port forwarding rule will not take effect.
Configuring Dynamic PAT Rules
Dynamic Port Address Translation (Dynamic PAT) can only be used to establish
connections from a private network to a public network. Dynamic PAT translates
multiple private addresses to one or more public IP addresses.
NOTE For the duration of the translation, a remote host can initiate a connection to the
translated host if a firewall rule allows it. Because the port address (both real and
mapped) is unpredictable, a connection to the host is unlikely. Nevertheless, in this
case, you can rely on the security of the firewall rules.
STEP 1 Click Firewall > NAT > Dynamic PAT.
STEP 2 Specify the PAT IP address for each WAN port.
Auto: Automatically use the IP address of the WAN port as the translated IP
address.
Manual: Manually choose a single public IP address or a network address
as the translated IP address from the IP Address drop-down list. If the
address object that you want is not in the list, choose Create a new address
to create a new address object. To maintain the address objects, go to the
Networking > Address Management page. See Address Management,
page 175.
STEP 3 Translate multiple private IP addresses of a VLAN to one or more mapped IP
addresses.
Enable WAN1: Check this box to translate all IP addresses of the selected
VLAN into the public IP address specified on the WAN1 port.
Enable WAN2: Check this box to translate all IP addresses of the selected
VLAN into the public IP address specified on the WAN2 port.
VLAN IP Address: The subnet IP address and netmask of the selected
VLAN.
STEP 4 Click Save to apply your settings.
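
The following sketch is an added example, not Cisco code or appliance output. It models the behavior described in the NOTE and in STEP 3: a VLAN subnet is translated to one WAN address, and a remote-initiated packet reaches the translated host only when a firewall rule allows it. The class and method names, the addresses (constructed, from documentation ranges) and the random port selection are assumptions made for illustration.

```python
import ipaddress
import secrets


class DynamicPat:
    """Toy dynamic PAT table (hypothetical model, not the ISA500 implementation)."""

    def __init__(self, wan_ip, vlan_subnet, allow_inbound=False):
        self.wan_ip = str(ipaddress.ip_address(wan_ip))
        self.vlan = ipaddress.ip_network(vlan_subnet)
        # Stands in for a firewall rule permitting remote-initiated traffic.
        self.allow_inbound = allow_inbound
        self.out = {}   # (private_ip, private_port) -> mapped_port
        self.back = {}  # mapped_port -> (private_ip, private_port)

    def translate_outbound(self, src_ip, src_port):
        """Return (wan_ip, mapped_port), or None if src_ip is outside the VLAN."""
        if ipaddress.ip_address(src_ip) not in self.vlan:
            return None
        key = (src_ip, src_port)
        if key not in self.out:
            # Assumption: mapped ports are drawn at random from 1024-65535.
            port = 1024 + secrets.randbelow(65536 - 1024)
            while port in self.back:
                port = 1024 + secrets.randbelow(65536 - 1024)
            self.out[key] = port
            self.back[port] = key
        return (self.wan_ip, self.out[key])

    def inbound(self, dst_port, established):
        """Return (action, private_endpoint) for a packet sent to wan_ip:dst_port."""
        entry = self.back.get(dst_port)
        if entry is None:
            return ("drop", None)      # no live translation on this port
        if established or self.allow_inbound:
            return ("forward", entry)  # reply traffic, or a rule allows it
        return ("drop", None)          # translation exists, firewall blocks it

    def expire(self, src_ip, src_port):
        """Remove a translation once its connection has ended."""
        port = self.out.pop((src_ip, src_port), None)
        if port is not None:
            del self.back[port]


if __name__ == "__main__":
    pat = DynamicPat("203.0.113.10", "192.168.75.0/24")  # constructed addresses
    wan_ip, port = pat.translate_outbound("192.168.75.20", 51000)
    print(wan_ip, port, pat.inbound(port, established=False))
```

The only thing separating the two inbound outcomes for a live mapped port is the allow_inbound flag, which is why the firewall rule set, not the unpredictability of the port, is the control to review.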