Cisco Defense Orchestrator

Network Address Translation Rule Wizard

About the NAT Wizard

The Network Address Translation (NAT) rule wizard helps you create NAT rules on your ASA devices for these use cases:

  • Enable Internet Access for Internal Users. You may use this kind of NAT rule to allow users on an internal network to reach the Internet.
  • Expose an Internal Server to the Internet. For example, you may use this rule to allow people outside your network to reach a web server or email server.

Prerequisites for the "Enable Internet Access for Internal Users" use case

Before you create your NAT rule, gather this information:

  • The interface that is closest to your users. This is often called the "inside" interface.
  • The interface closest to your Internet connection. This is often called the "outside" interface.
  • If you want to allow only specific users to reach the Internet, you will need the subnet addresses for those users. 

Prerequisites for the "Expose an Internal Server to the Internet" use case

Before you create your NAT rule, gather this information:

  • The IP address of the server inside your network that you would like to translate to an Internet-facing IP address.
  • The public IP address you want the server to use. 
  • The interface that is closest to your users. This is often called the "inside" interface.
  • The interface closest to your Internet connection. This is often called the "outside" interface.
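For orientation, this is how the two use cases look when written directly in ASA CLI as network object NAT, with each gathered prerequisite in its place. It is an added example, not output from CDO or the wizard; the object names, the access list name, and all addresses are constructed placeholders (RFC 1918 inside, RFC 5737 documentation range outside), and the interface names assume the usual "inside"/"outside" naming.

```cisco
! Constructed example. Names and addresses are placeholders.

! Use case 1: Enable Internet Access for Internal Users
! Inputs: inside interface, outside interface, subnet of the permitted users.
! Dynamic PAT hides the whole subnet behind the outside interface address,
! so internal hosts can start connections outward.
object network inside-users
 subnet 192.168.10.0 255.255.255.0
 nat (inside,outside) dynamic interface

! Use case 2: Expose an Internal Server to the Internet
! Inputs: server's internal IP, public IP, inside and outside interfaces.
! Static NAT is a one-to-one mapping: every port on 203.0.113.20 now
! translates to the internal server.
object network web-server
 host 192.168.10.20
 nat (inside,outside) static 203.0.113.20

! The NAT rule only translates addresses. Which ports actually reach the
! server is decided by the access list on the outside interface, which on
! ASA 8.3 and later references the server's real (internal) address.
! Assumption: the server offers HTTPS only, so only tcp/443 is permitted.
access-list outside_in extended permit tcp any object web-server eq https
access-group outside_in in interface outside
```

After a deploy, `show nat detail` and `show xlate` on the ASA list the translations in effect, which is a quick way to confirm that only the intended server is mapped to a public address.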

Create a NAT rule with the NAT Wizard

  1. Click Devices & Services.
  2. Filter and search for the ASA on which you want to create the NAT rule.
  3. In the Management area of the details panel, click NAT.
  4. Click Create NAT Rule > NAT Wizard.
  5. Respond to the NAT Wizard questions and follow the on-screen instructions.

Notes

  • The NAT Wizard creates rules using network objects. If you enter an IP address when defining a rule, CDO tries to match that address to an existing object. If there is no object for the address you entered, click Name Object underneath the IP address field, and CDO creates a new network object for that address.
  • Before you can save the NAT rule, all IP addresses need to be defined as network objects.
  1. After you create the rule, save the changes to the device:
    1. Return to the Devices & Services page.
    2. Select the device to which you added the NAT rule.
    3. Click Preview and Write...
    4. Confirm the changes are valid.
    5. Apply the changes to the device. 