Cisco Systems ISA550 Universal Remote User Manual


 
Firewall
Configuring NAT Rules to Securely Access a Remote Network
Cisco ISA500 Series Integrated Security Appliances Administration Guide 270
6
Original Source Address: Choose the original source address for the
packet.
Original Destination Address: Choose the original destination address for
the packet.
Original Services: Choose the original TCP or UDP service.
Translated Source Address: Choose the translated source address for the
packet.
Translated Destination Address: Choose the translated destination
address for the packet.
Translated Services: Choose the translated TCP or UDP service.
If the address that you want is not in the list, choose Create a new address
to create a new IP address object. To maintain the IP address objects, go to
the Networking > Address Management page. See Address Management,
page175.
If the service that you want is not in the list, choose Create a new service to
create a new service object. To maintain the service objects, go to the
Networking > Service Management page. See Service Management,
page177.
STEP 5 Click OK to save your settings.
STEP 6 Click Save to apply your settings.
STEP 7 Firewall rules must be configured to allow access so that advanced NAT rules can
function properly. After you save your settings, go to the Firewall > Access
Control > ACL Rules page to do this. See Configuring a Firewall Rule, page 257.
Configuring IP Alias for Advanced NAT rules
A single WAN port can be accessible through multiple IP addresses by adding an
IP alias to the port. When you configure an advanced NAT rule, the security
appliance will automatically create an IP alias in the following cases:
Use Case: The inbound interface (From) is set to a WAN port but the original
destination IP address (Original Destination Address) is different with the public
IP address of the selected WAN port.