18-21
Cisco Router and Security Device Manager Version 2.2 Users Guide
OL-4015-08
Chapter18 Network Addres s Translation
Network Address Translation Rules
Note If you create a NAT rule that would translate addresses of devices that are part of
a VPN, SDM will prompt you to allow it to create a route map that protects those
addresses from being translated by NAT. If NAT is allowed to translate addresses
of devices on a VPN, their translated addresses will not match the IPSec rule used
in the IPSec policy, and traffic will be sent unencrypted. You can view route maps
created by SDM or created using the CLI by clicking the View Route Maps button
in the NAT window.
Direction
Select the traffic direction that this rule applies to.
From outside to inside
Select this option if you want to translate incoming addresses to addresses that
will be valid on your LAN. One situation in which you may want to do this is
when you are merging networks and must make one set of incoming addresses
compatible with an existing set on the LAN the router serves.
This help topic describes how the remaining fields are used when From outsi de to
inside is chosen.
Translate from Interface
This area shows the interfaces from which packets needing address translation
may arrive. It provides fields for you to specify the IP address of a single host, or
a network address and subnet mask that represent the hosts on a network.
Outside Interfaces
If you choose From outside to inside, this area contains the designated outside
interfaces.
Note If this area contains no interface names, close the Add Address Translation Rule
window, click Designate NAT interfaces in the NAT window, and designate the
router interfaces as inside or outside. Then return to this window and configure
the NAT rule.