Cisco Cisco Firepower Management Center 4000

You add ranges in the following format: lower IP address-upper IP address. For example: 

179.13.1.1-179.13.1.10

.

The list updates to display your entry. See 

 for more 

information.

Save or continue editing the rule.

You must apply the NAT policy for your changes to take effect; see 

.

Any

You configure the matching values and translation values of the destination IP address for packets. Note 
that you cannot configure translated destination networks for dynamic NAT rules.

Because static NAT rules are one-to-one translations, the 

 list contains only network 

objects and groups that contain only a single IP address. For static translations, you can add only a single 
object or literal value to both the 

 or 

 lists.

If a network object or object group is being used by a NAT rule, and you change or delete the object or 
group, it can cause the rule to become invalid.

You can add any of the following kinds of destination network conditions to a NAT rule:

individual and group network objects that you have created using the object manager

See 

 for information on creating individual and group 

network objects using the object manager.

individual network objects that you add from the Destination Network conditions page, and can then 
add to your rule and to other existing and future rules

See 

 for more information.

literal, single IP addresses, range, or address blocks

For static NAT rules, you can add only a CIDR with subnet mask 

/32

, and only if there is not already 

a value in the list.

See 

 for more information.

The following procedure explains how to add destination network conditions while adding or editing a 
NAT rule. See 

 for more 

detailed information.

Admin/Network Admin

Select the 

 tab on the rule Edit page.

The Destination Network page appears.

Optionally, click the 

 prompt above the 

 list, then type a name or 

value.