Cisco Cisco ISA550W Integrated Security Appliance Quick Setup Guide
© 2012 Cisco Systems, Inc. All rights reserved.
Page 1 of 19
Application Not
Configuring NAT on the Cisco ISA500 Security Appliance
This application note provides information on how to configure various NAT (Network Address
Translation) methods on the ISA500 security appliance. It includes the following topics:
Translation) methods on the ISA500 security appliance. It includes the following topics:
•
•
•
•
•
•
•
•
•
•
•
Supported NAT Methods
Network Address Translation (NAT) enables private IP networks to connect to the Internet. NAT replaces
a private IP address with a public IP address, translating the private addresses in the internal private
network into legal, routable addresses that can be used on the public Internet.
a private IP address with a public IP address, translating the private addresses in the internal private
network into legal, routable addresses that can be used on the public Internet.
The ISA500 supports Port Forwarding, Static NAT, Dynamic PAT, Advanced NAT and Port Triggering
translation methods. These features can be used for different deployment scenarios as defined and
illustrated in this document.
translation methods. These features can be used for different deployment scenarios as defined and
illustrated in this document.
How Packets Flow through Different Services
It is important to understand the packet flow on the ISA500 to properly configure different functionalities.
shows the packet flow for various services. As illustrated, DNAT (Destination NAT) is performed
when the packet arrives from an interface before a forwarding decision (Prerouting) is made.
Subsequently, SNAT (Source NAT) is performed after a forwarding decision is made (Postrouting).
Subsequently, SNAT (Source NAT) is performed after a forwarding decision is made (Postrouting).