Profile Overrides - Static NAT - Destination

NAT destination configurations define the way in which packets passing through the NAT on the way back to the LAN are searched against the records kept by the NAT engine. The destination IP address is changed back to the specific internal private class IP address to reach the LAN over the network.

  1. Select the Destination tab.

    The Static NAT → Destination screen displays.

    Click to expand in new window
    NAT Configuration - Static NAT - Destination Main Screen
  2. Review existing Static NAT destination configurations to determine if a new configuration warrants creation or an existing configuration warrants modification or deletion.
  3. To permanently remove a NAT destination, select it and click Delete.

    Existing NAT destination configurations cannot be edited.

  4. To create a new NAT destination configuration, click Add.

    The Add Destination NAT window displays.

    Click to expand in new window
    NAT Configuration - Add Static NAT Destination IP Address Window
  5. Set or override the following destination configuration parameters.

    Static NAT creates a permanent, one-to-one mapping between an address on an internal network and a perimeter or external network. To share a web server on a perimeter interface with the internet, use static address translation to map the actual address to a registered IP address. Static address translation hides the actual address of the server from users on insecure interfaces. Casual access by unauthorized users becomes much more difficult. Static NAT requires a dedicated address on the outside network for each host.

    Protocol

    Select the protocol for use with static translation. Available options are TCP, UDP and Any. The default setting is Any.

    TCP is a transport layer protocol used by applications requiring guaranteed delivery. It is a sliding window protocol handling both timeouts and retransmissions. TCP establishes a full duplex virtual connection between two endpoints. Each endpoint is defined by an IP address and a TCP port number.

    The UDP (User Datagram Protocol) offers only a minimal transport service, non-guaranteed datagram delivery, and provides applications direct access to the datagram service of the IP layer. UDP is used by applications not requiring the level of service of TCP or are using communications services (multicast or broadcast delivery) not available from TCP.

    Destination IP

    Enter the local address used at the (source) end of the static NAT configuration. This address (once translated) will not be exposed to the outside world when the translation address is used to interact with the remote destination.

    Destination Port

    Set the local port number used at the (source) end of the static NAT configuration. The default value is port 1.

    NAT IP

    Enter the IP address of the matching packet to the specified value. The IP address modified can be either source or destination based on the direction specified.

    NAT Port

    Enter the port number of the matching packet to the specified value. This option is valid only if the direction specified is destination.

    Network

    Select Inside or Outside NAT as the network direction. The default setting is Inside.

    Select Inside to create a permanent, one-to-one mapping between an address on an internal network and a perimeter or external network. To share a web server on a perimeter interface with the internet, use static address translation to map the actual address to a registered IP address. Static address translation hides the actual address of the server from users on insecure interfaces. Casual access by unauthorized users becomes much more difficult. Static NAT requires a dedicated address on the outside network for each host.

  6. Click OK to save the static NAT destination configuration changes.

    Click Reset to revert to the last saved configuration.

Example