End-of-Life (EoL)

Configure NAT for External Connections

You only need to configure NAT if the firewall has an external interface used for connecting to networks outside of your data center. While NAT is not required, you can use this procedure to translate private IP addressing in your data center to public IP addressing outside. Begin setting up NAT by configuring address translation for traffic entering server inside an EPG in your data center. Then configure a NAT policy that translates the source address of outbound traffic from any EPG to the external interface IP address.
  1. Configure address translation for traffic entering an EPG in your data center.
    1. Select
      Policies
      NAT
      and click
      Add
      .
    2. Enter a descriptive
      Name
      for your NAT policy rule.
    3. Select
      Original Packet
      and click
      Add
      under
      Source Zone
      .
    4. Select the source zone from the drop-down.
    5. Select the destination zone from the
      Destination Zone
      drop-down.
    6. Select
      Any
      for the
      Source Address
      .
    7. Click
      Add
      under
      Destination Address
      and enter the external IP address.
      nat-policy-original-packet.png
    8. On the
      Translated Packet
      tab, select the
      Translation Type
      under
      Destination Address Translation
      .
    9. Select an address from the
      Translated Address
      drop-down.
    10. Click
      OK
      .
      nat-policy-translated-packet.png
  2. Configure address translation for outbound traffic.
    1. Select
      Policies
      NAT
      and click
      Add
      .
    2. Enter a descriptive
      Name
      for your outbound NAT policy.
    3. Select
      Original Packet
      and click
      Add
      under
      Source Zone
      .
    4. Select the zone that matches your ACI tenant and VRF.
    5. Select the external zone from the
      Destination Zone
      drop-down.
      nat-policy-original-packet-outbound.png
    6. On the
      Translated Packet
      tab, select the
      Translation Type
      under
      Source Address Translation
      .
    7. Enter additional required address information.
    8. Click
      OK
      .
      nat-policy-translated-packet-outbound.png
  3. Commit
    your changes.

Recommended For You