Cisco Defense Orchestrator

Network Address Translation Wizard

About the NAT Wizard

The Network Address Translation (NAT) wizard helps you create NAT rules on your devices for these types of access:

  • Enable Internet Access for Internal Users. You may use this NAT rule to allow users on an internal network to reach the internet.
  • Expose an Internal Server to the Internet. You may use this NAT rule to allow people outside your network to reach an internal web or email server. 

Prerequisites to "Enable Internet Access for Internal Users"

Before you create your NAT rule, gather this information:

  • The interface that is closest to your users; this is usually called the "inside" interface.
  • The interface closest to your Internet connection; this is usually called the "outside" interface.
  • If you want to allow only specific users to reach the internet, you need the subnet addresses for those users. 

Prerequisites to "Expose an Internal Server to the Internet"

Before you create your NAT rule, gather this information:

  • The interface that is closest to your users; this is usually called the "inside" interface.
  • The interface closest to your Internet connection; this is usually called the "outside" interface.
  • The IP address of the server inside your network that you would like to translate to an internet-facing IP address.
  • The public IP address you want the server to use.

Create a NAT Rule by using the NAT Wizard

  1. In the CDO navigation bar, click Devices & Services.
  2. Use the Devices & Services filter and search field to find the device for which you want to create the NAT rule.
  3. In the Management area of the details panel, click NAT.
  4. Click the blue cross button > NAT Wizard.
  5. Respond to the NAT Wizard questions and follow the on-screen instructions.

Notes

  • The NAT Wizard creates rules using network objects. If you enter an IP address when defining a rule, CDO tries to match that IP address to an existing object. If there is no object for the address you entered, click Create Object underneath the IP address field. CDO creates a new network object for the IP address you entered.
  • Before you can save the NAT rule, all IP addresses need to be defined as network objects.
  6. After you create the NAT rule, save the changes to the device:
    1. Return to the Devices & Services page.
    2. Select the device to which you added the NAT rule.
    3. Click Preview and Write...
    4. Confirm the changes are valid.
    5. Apply the changes to the device. 