Chapter 14 NAT
UAG Series User’s Guide
223
Port Mapping Type Use the drop-down list box to select how many original destination ports this NAT rule
supports for the selected destination IP address (Original IP). Choices are:
Any - this NAT rule supports all the destination ports.
Service - this NAT rule supports the destination port(s) used by the specified service(s).
Port - this NAT rule supports one destination port.
Ports - this NAT rule supports a range of destination ports. You might use a range of
destination ports for unknown services or when one server supports more than one
service.
This field is read-only and displays any for Many 1:1 NAT.
Original Service This field is available if Port Mapping Type is Service. Select the original service whose
destination port(s) is supported by this NAT rule.
Mapped Service This field is available if Port Mapping Type is Service. Select the translated service
whose destination port(s) is supported if this NAT rule forwards the packet.
Protocol Type This field is available if Port Mapping Type is Port or Ports. Select the protocol (TCP,
UDP, or any) used by the service requesting the connection.
Original Port This field is available if Port Mapping Type is Port. Enter the original destination port
this NAT rule supports.
Mapped Port This field is available if Port Mapping Type is Port. Enter the translated destination port
if this NAT rule forwards the packet.
Original Start Port This field is available if Port Mapping Type is Ports. Enter the beginning of the range of
original destination ports this NAT rule supports.
Original End Port This field is available if Port Mapping Type is Ports. Enter the end of the range of
original destination ports this NAT rule supports.
Mapped Start Port This field is available if Port Mapping Type is Ports. Enter the beginning of the range of
translated destination ports if this NAT rule forwards the packet.
Mapped End Port This field is available if Port Mapping Type is Ports. Enter the end of the range of
translated destination ports if this NAT rule forwards the packet. The original port range
and the mapped port range must be the same size.
Enable NAT
Loopback
Enable NAT loopback to allow users connected to any interface (instead of just the
specified
Incoming Interface) to use the NAT rule’s specified Original IP address to
access the Mapped IP device. For users connected to the same interface as the Mapped
IP device, the UAG uses that interface’s IP address as the source address for the traffic it
sends from the users to the Mapped IP device.
For example, if you configure a NAT rule to forward traffic from the WAN to a LAN server,
enabling NAT loopback allows users connected to other interfaces to also access the
server. For LAN users, the UAG uses the LAN interface’s IP address as the source address
for the traffic it sends to the LAN server. See NAT Loopback on page 224 for more details.
If you do not enable NAT loopback, this NAT rule only applies to packets received on the
rule’s specified incoming interface.
Security Policy By default the Security Policy blocks incoming connections from external addresses. After
you configure your NAT rule settings, click the Security Policy link to configure a
security policy to allow the NAT rule’s traffic to come in.
The UAG checks NAT rules before it applies To-Device security policies, so To-Device
security policies do not apply to traffic that is forwarded by NAT rules. The UAG still
checks other security policies according to the source IP address and mapped IP address.
OK Click OK to save your changes back to the UAG.
Cancel Click Cancel to return to the NAT summary screen without creating the NAT rule (if it is
new) or saving any changes (if it already exists).
Table 97 Configuration > Network > NAT > Add (continued)
LABEL DESCRIPTION
To Next Page
Loading...
