Cisco FirePOWER Appliance 8390
12-27
FireSIGHT System User Guide
Chapter 12 Using NAT Policies
Working with Different Types of Conditions in NAT Rules
You add ranges in the following format: lower IP address-upper IP address. For example: 179.13.1.1-179.13.1.10.
for more
information.
Step 7  Save or continue editing the rule.
You must apply the NAT policy for your changes to take effect; see
.
Adding Destination Network Conditions to NAT Rules
License: Any
You configure the matching values and translation values of the destination IP address for packets. Note that you cannot configure translated destination networks for dynamic NAT rules.
Because static NAT rules are one-to-one translations, the Available Networks list contains only network objects and groups that contain only a single IP address. For static translations, you can add only a single object or literal value to both the Original Destination Network and Translated Destination Network lists.
Caution: If a network object or object group is being used by a NAT rule, and you change or delete the object or group, it can cause the rule to become invalid.
You can add any of the following kinds of destination network conditions to a NAT rule:
• individual and group network objects that you have created using the object manager
  See for information on creating individual and group network objects using the object manager.
• individual network objects that you add from the Destination Network conditions page, and can then add to your rule and to other existing and future rules
  See for more information.
• literal, single IP addresses, range, or address blocks
  For static NAT rules, you can add only a CIDR with subnet mask /32, and only if there is not already a value in the list.
  See for more information.
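As an added example (not from the Cisco guide and not a FireSIGHT API), the following Python check tests destination network literals against the constraints stated above before they are entered in a rule. The rule dictionaries, field names, and sample addresses are constructed for illustration; treating a bare single IP address as equivalent to a /32 block is an assumption.

```python
import ipaddress

def parse_literal(value):
    """Return (kind, first_ip, last_ip) for a single IP, a 'lower-upper' range, or a CIDR block."""
    value = value.strip()
    if "-" in value:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in value.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError("range must be written lower-upper")
        return ("range", lo, hi)
    if "/" in value:
        # strict=False tolerates host bits in the block (an assumption of this example)
        net = ipaddress.ip_network(value, strict=False)
        return ("block", net[0], net[-1])
    ip = ipaddress.ip_address(value)
    return ("single", ip, ip)

def check_destination(rule_type, original, translated):
    """Return a list of problems for one rule's destination network literals."""
    problems = []
    if rule_type == "dynamic" and translated:
        problems.append("dynamic rule: translated destination networks cannot be configured")
    for name, values in (("original", original), ("translated", translated)):
        if rule_type == "static" and len(values) > 1:
            problems.append(f"static rule: {name} list holds {len(values)} values, only one allowed")
        for v in values:
            try:
                kind, first, last = parse_literal(v)
            except ValueError as exc:
                problems.append(f"{name}: {v!r} is not a valid literal ({exc})")
                continue
            # Static rules are one-to-one: only a single address (/32) is acceptable.
            if rule_type == "static" and (kind == "range" or first != last):
                problems.append(f"static rule: {name} {v!r} is a {kind}, not a single /32 address")
    return problems

# Constructed sample rules (hypothetical field names, documentation-style addresses).
SAMPLE_RULES = [
    {"name": "web-static", "type": "static", "original": ["203.0.113.10/32"], "translated": ["10.1.1.10"]},
    {"name": "bad-static", "type": "static", "original": ["179.13.1.1-179.13.1.10"],
     "translated": ["10.1.1.0/24", "10.1.2.5"]},
    {"name": "bad-dynamic", "type": "dynamic", "original": ["198.51.100.0/24"], "translated": ["10.2.0.1"]},
]

def audit(rules):
    """Map each rule name to its list of problems (empty list means the literals are acceptable)."""
    return {r["name"]: check_destination(r["type"], r["original"], r["translated"]) for r in rules}

if __name__ == "__main__":
    for rule_name, found in audit(SAMPLE_RULES).items():
        print(rule_name, "OK" if not found else found)
```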
The following procedure explains how to add destination network conditions while adding or editing a NAT rule. See for more detailed information.
To add destination network conditions to a NAT rule:
Access: Admin/Network Admin
Step 1  Select the Destination Network tab on the rule Edit page.
The Destination Network page appears.
Step 2  Optionally, click the Search by name or value prompt above the Available Networks list, then type a name or value.