Profile Overrides - Dynamic NAT

Dynamic NAT configurations translate the IP address of packets going out from one interface to another interface based on configured conditions. Dynamic NAT requires packets be switched through a NAT router to generate translations in the translation table.

To override the dynamic NAT configurations:

  1. Select the Dynamic NAT tab.

    The Dynamic NAT main screen displays by default.

    Click to expand in new window
    NAT Configuration - Dynamic NAT Main Screen
  2. Review the following to determine whether a new dynamic NAT configuration needs to be created, or whether an existing one can be edited or deleted:

    Source List ACL

    Lists an ACL to define the packet selection criteria for the NAT configuration. NAT is applied only on packets which match a rule defined in the access-list. These addresses (once translated) are not exposed to the outside world when the translation address is used to interact with the remote destination.

    Network

    Displays Inside or Outside NAT as the network direction for the dynamic NAT configuration.

    ACL Precedence

    Lists the administrator-assigned priority set for the listed source list ACL. The lower the value listed, the higher the priority assigned to this ACL rule.

    Interface

    Lists the VLAN (from 1 - 4094) used as the communication medium between the source and destination points within the NAT configuration.

    Overload Type

    Displays the overload type used when several internal addresses are NATed to only one or a few external addresses. Options include NAT Pool, One Global Address and Interface IP Address. The default setting is Interface IP Address.

    NAT Pool

    Displays the name of an existing NAT pool used with the dynamic NAT configuration.

    Overload IP

    If One Global IP Address is selected as the Overload Type, define an IP address to use as a filter address for the IP ACL rule.

  3. To modify an existing dynamic NAT configuration, select it and click Edit. To remove an existing configuration, select it and click Delete.
  4. To create a new dynamic NAT configuration, click Add.

    The Source window displays.

    Click to expand in new window
    Profile Overrides - Security - NAT - Dynamic NAT - Source ACL List Screen
  5. Set or override the following to define the Dynamic NAT configuration:

    Source List ACL

    Select an ACL name to define the packet selection criteria for NAT. NAT is applied only on packets which match a rule defined in the access-list. These addresses (once translated) will not be exposed to the outside world when the translation address is used to interact with the remote destination.

    Network

    Select Inside or Outside NAT as the network direction for the dynamic NAT configuration. Inside is the default setting.

    ACL Precedence

    Set the priority (from 1 - 5000) for the source list ACL. The lower the value, the higher the priority assigned to the ACL rule.

    Interface

    Select the VLAN (from 1 - 4094) or WWAN used as the communication medium between the source and destination points within the NAT configuration. Ensure that the VLAN selected adequately supports the intended network traffic within the NAT supported configuration.

    Overload Type

    Define the overload type used when several internal addresses are NATed to only one or a few external addresses. Options include NAT Pool, One Global Address, and Interface IP Address. The default setting is Interface IP Address.

    NAT Pool

    Provide the name of an existing NAT pool for use with the dynamic NAT configuration.

    Note:

    This option is enabled only if the Overload Type is set or NAT Pool.

    Overload IP

    If One Global IP Address is selected as the Overload Type, define an IP address to use as a filter address for the IP ACL rule.

  6. Click OK to save the dynamic NAT configuration changes.

    Click Reset to revert to the last saved configuration.