Source and Destination NAT Example

In this example, NAT rules translate both the source and destination IP address of packets between the clients and the server.
  • Source NAT—The source addresses in the packets from the clients in the Trust-L3 zone to the server in the Untrust-L3 zone are translated from the private addresses in the network to the IP address of the egress interface on the firewall ( Dynamic IP and Port translation causes the port numbers to be translated also.
  • Destination NAT—The destination addresses in the packets from the clients to the server are translated from the server’s public address ( to the server’s private address (
The following address objects are created for destination NAT.
  • Server-Pre-NAT:
  • Server-post-NAT:
The following screen shots illustrate how to configure the source and destination NAT policies for the example.
To verify the translations, use the CLI command
show session all filter destination
. A client address and its port number are translated to and a port number. The destination address is translated to

Recommended For You