Definition Of Terms - Cisco PIX 520 - PIX Firewall 520 Online Help Manual

Example of a Static PAT Rule
The NAT table displays all static PAT rules first, followed by the normal static NAT rules, and then the dynamic
NAT rules. No new column is introduced in the table. The contents of "Original Address" and "Translated
Address" columns are extended to show service mapping for static PAT rules.
Rule Type   Original Address                 Translated Address
Static      Interface: inside                Interface: outside
            Address: 209.165.201.1           Address: Interface IP
            Port 8000/tcp                    Port 80/tcp
The Rule Type column lists whether the rule type is Static or Dynamic. A static translation shows the static
icon.
The Original column lists where the translation originates: the interface, IP addresses, and port
number/protocol that are translated.
The Translated column lists the interface where the translation occurs, and the IP addresses and port
number/protocol that are presented to connections on that interface.
How PDM Handles Redundant or Overlapping Translation Rules

Definition of terms:

Redundant: If two or more NAT rules in a configuration translate the same IP address and the resulting
translations are identical, the rules are called "redundant" to each other, for example:
1. static (in,out) 1.1.1.0 1.1.1.0
2. static (in,out) 1.1.1.1 1.1.1.1
For address 1.1.1.1, both rules translate it to 1.1.1.1. The rules themselves need not be written identically
for the translations to be identical, for example:
1. static (in,out) 1.1.1.0 1.1.1.0 0 0
2. static (in,out) 1.1.1.1 1.1.1.1 100 100 norandomseq
Overlap: If two or more NAT rules in a configuration translate the same address and the resulting
translations are different, the rules overlap each other, for example:
1. static (in,out) 1.1.1.0 1.1.1.0
2. static (in,out) 1.1.1.5 1.1.1.1
PDM builds NAT rules in two cases: when PDM reads your current configuration, and when you use PDM to
add or edit a NAT rule. PDM checks for NAT overlap or redundancy only in the second case. If you use the CLI
to configure NAT, it is up to you to avoid overlapping and redundant rules.
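The overlap/redundancy check that PDM performs only when a rule is added through PDM, as an added Python example (not Cisco's or PDM's code) that applies the two definitions above to static rules read from CLI text. It assumes the PIX syntax `static (in,out) global local [netmask mask] [max_conns [emb_limit]] [norandomseq]`, with the netmask written explicitly where a rule is meant to cover a whole block (the help text's examples omit it), and it does not cover dynamic nat/global rules.

```python
import ipaddress
import re
from dataclasses import dataclass

# "static (in_if,out_if) global local [netmask mask] ..."; trailing options
# (max_conns, emb_limit, norandomseq) do not change which address results.
RULE_RE = re.compile(r"static\s*\((?P<inside>[^,]+),\s*(?P<outside>[^)]+)\)\s+"
                     r"(?P<glob>\S+)\s+(?P<local>\S+)(?:\s+netmask\s+(?P<mask>\S+))?")

@dataclass
class StaticRule:
    inside: str
    outside: str
    global_net: ipaddress.IPv4Network
    local_net: ipaddress.IPv4Network

    def shift(self):
        # A static maps each local address to global_base + (addr - local_base).
        return int(self.global_net.network_address) - int(self.local_net.network_address)

def parse_static(line):
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a static rule: {line!r}")
    mask = m.group("mask") or "255.255.255.255"   # no netmask => single-host rule
    return StaticRule(m.group("inside").strip(), m.group("outside").strip(),
                      ipaddress.IPv4Network(f"{m.group('glob')}/{mask}"),
                      ipaddress.IPv4Network(f"{m.group('local')}/{mask}"))

def classify(a, b):
    """'disjoint': no address covered by both; 'redundant': shared addresses
    translate identically; 'overlapping': a shared address translates differently."""
    if (a.inside, a.outside) != (b.inside, b.outside) or not a.local_net.overlaps(b.local_net):
        return "disjoint"
    return "redundant" if a.shift() == b.shift() else "overlapping"

def check_config(lines):
    """Return (i, j, verdict) for every pair of static rules that is not disjoint."""
    rules = [parse_static(line) for line in lines if line.strip().startswith("static")]
    pairs = [(i, j, classify(rules[i], rules[j]))
             for i in range(len(rules)) for j in range(i + 1, len(rules))]
    return [p for p in pairs if p[2] != "disjoint"]

# Constructed sample based on the help text's examples, with the netmask the
# first rule needs in order to cover 1.1.1.1 made explicit.
SAMPLE = [
    "static (in,out) 1.1.1.0 1.1.1.0 netmask 255.255.255.0 0 0",
    "static (in,out) 1.1.1.1 1.1.1.1 100 100 norandomseq",
    "static (in,out) 1.1.1.5 1.1.1.1",
]
```

Running `check_config(SAMPLE)` reports rules 1 and 2 as redundant and rule 3 as overlapping both of them, matching the two definitions above.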
The following is a list of possible NAT overlap/redundancy scenarios that will help you understand how
PDM behaves and why it behaves this way. As you will see, some cases are not obvious. You need to
understand how PIX Firewall translates packets using the NAT configuration and the runtime xlate database to
see why a particular combination will fail at runtime, and thus should be prevented or warned when being

Advertisement

Table of Contents
loading

This manual is also suitable for: PIX Device Manager 1.1