Dynamic source NAT

General Information

Source NAT is used to create connections from a private network to a public network. If an IP packet arriving on a 7705 SAR matches the security policy rules, an internal mapping is created from the private source IP address and source port to a public source IP address and source port. The public IP address and port can be configured in the NAT pool on the security policy.

NAT automatically creates a reverse mapping for incoming traffic from the public domain to the private domain for the same connection. The reverse mapping translates an outside destination IP address and destination port to an inside destination IP address and destination port.

The configurable outside NAT pool for the source IP address and source port can either be a range of addresses and ports or a unique IP address and port.

The 7705 SAR supports a single public IP address: all inside source IP addresses can be mapped to a single outside IP address and a range of ports by assigning the interface name to the NAT pool configuration. Any local interface on a 7705 SAR can be assigned to the NAT pool: local L3 interfaces, loopback interfaces, and system interfaces.
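
The forward and reverse mappings described above can be modelled in a few lines. This is an added example, not Nokia code or 7705 SAR configuration; the class name, the inside prefix, the pool address and the port range are constructed assumptions, and the policy match is reduced to a source-prefix check.

```python
import ipaddress
from itertools import product


class DynamicSourceNat:
    """Simplified model of dynamic source NAT with a configurable outside pool."""

    def __init__(self, inside_net, pool_ips, port_lo, port_hi):
        # Stand-in for the security policy rule: match on the inside source prefix.
        self.inside_net = ipaddress.ip_network(inside_net)
        # Free outside (ip, port) pairs. One address plus a port range models
        # the single-public-IP case; several addresses model a range.
        self.free = list(product(pool_ips, range(port_lo, port_hi + 1)))
        self.forward = {}  # (inside ip, inside port) -> (outside ip, outside port)
        self.reverse = {}  # (outside ip, outside port) -> (inside ip, inside port)

    def outbound(self, src_ip, src_port):
        """Translate a private source; return the public (ip, port) or None."""
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            return None  # no policy match, so no mapping is created
        key = (src_ip, src_port)
        if key not in self.forward:
            if not self.free:
                raise RuntimeError("NAT pool exhausted")
            outside = self.free.pop(0)
            self.forward[key] = outside
            self.reverse[outside] = key  # reverse mapping is created with the forward one
        return self.forward[key]

    def inbound(self, dst_ip, dst_port):
        """Translate a public destination back; None when no mapping exists."""
        return self.reverse.get((dst_ip, dst_port))


if __name__ == "__main__":
    # Constructed sample: one public address (documentation range) and two ports.
    nat = DynamicSourceNat("10.0.0.0/24", ["192.0.2.1"], 5000, 5001)
    print(nat.outbound("10.0.0.5", 40000))  # first free pool entry
    print(nat.outbound("10.0.0.6", 40000))  # second free pool entry
    print(nat.inbound("192.0.2.1", 5001))   # reply is mapped back to 10.0.0.6
    print(nat.inbound("192.0.2.1", 6000))   # unsolicited: no mapping
```

In this model an inbound packet is translated only if an earlier outbound packet created the mapping, and a single address with a small port range limits the number of concurrent mappings.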