Configuring NAT
This chapter describes Network Address Translation, and includes the following sections:
•
•
•
•
•
•
•
NAT Overview
This section describes how NAT works on the security appliance, and includes the following topics:
•
•
•
•
•
•
•
•
Introduction to NAT
Address translation substitutes the real address in a packet with a mapped address that is routable on the
destination network. NAT is composed of two steps: the process by which a real address is translated
into a mapped address, and the process to undo translation for returning traffic.
The security appliance translates an address when a NAT rule matches the traffic. If no NAT rule
matches, processing for the packet continues. The exception is when you enable NAT control.
NAT control requires that packets traversing from a higher security interface (inside) to a lower security
OL-12172-03
NAT Overview, page 17-1
Configuring NAT Control, page 17-16
Using Dynamic NAT and PAT, page 17-17
Using Static NAT, page 17-26
Using Static PAT, page 17-27
Bypassing NAT, page 17-30
NAT Examples, page 17-34
Introduction to NAT, page 17-1
NAT Control, page 17-4
NAT Types, page 17-6
Policy NAT, page 17-10
NAT and Same Security Level Interfaces, page 17-13
Order of NAT Commands Used to Match Real Addresses, page 17-14
Mapped Address Guidelines, page 17-14
DNS and NAT, page 17-15
C H A P T E R
Cisco Security Appliance Command Line Configuration Guide
17
17-1