Firewall
Configuring NAT Rules to Securely Access a Remote Network
Cisco ISA500 Series Integrated Security Appliances Administration Guide 272
Solution: Assume that the IP address of the WAN1 port is 1.1.1.2 and the SSL
VPN client address pool is set to 192.168.200.0/24. First create a host
address object with the IP 1.1.1.3 called “PublicIP,” and then create an advanced
NAT rule as follows to allow SSL VPN clients to access the Internet:
Configuring an Advanced NAT Rule to Support NAT Hairpinning
NAT hairpinning allows hosts on the LAN side to access internal servers by using
the servers' external IP addresses (public IP addresses). This section provides
a configuration example that shows how to create an advanced NAT rule to support
NAT hairpinning.
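The packet flow behind NAT hairpinning, as an added example that is not part of the Cisco guide: it traces a LAN client connecting to the server's public address with and without source translation. The client address 192.168.10.50, the firewall LAN address 192.168.10.1, the use of 1.1.1.2 as the published address, and the choice of the firewall LAN address as translated source are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed topology. Only FTPServer (192.168.10.100) comes from the page;
# every other address below is an assumption made for this illustration.
LAN = ip_network("192.168.10.0/24")
CLIENT = "192.168.10.50"   # hypothetical LAN host
FW_LAN = "192.168.10.1"    # hypothetical firewall LAN interface
PUBLIC = "1.1.1.2"         # assumed public address that publishes the server
SERVER = "192.168.10.100"  # "FTPServer" address object
PORT = 21                  # FTP control port


def hairpin_flow(source_nat: bool) -> dict:
    """Trace one LAN client connection to PUBLIC:PORT through the firewall."""
    request = {"src": CLIENT, "dst": PUBLIC, "dport": PORT}
    conntrack = {}

    # Port forwarding (destination NAT): public address -> internal server.
    fwd = dict(request, dst=SERVER)
    if source_nat:
        # Hairpin rule (source NAT): the server sees the firewall as its peer.
        fwd["src"] = FW_LAN
    conntrack[(fwd["src"], fwd["dst"])] = (request["src"], request["dst"])

    # The server answers whatever source address it saw.
    reply = {"src": SERVER, "dst": fwd["src"], "sport": PORT}
    # A destination on the server's own subnet (other than the firewall) is
    # delivered directly at layer 2, so the firewall never sees the reply
    # and cannot reverse the destination translation.
    direct = ip_address(reply["dst"]) in LAN and reply["dst"] != FW_LAN
    if not direct:
        orig_src, orig_dst = conntrack[(reply["dst"], reply["src"])]
        reply = {"src": orig_dst, "dst": orig_src, "sport": PORT}

    # The client only accepts a reply from the address it connected to.
    accepted = reply["dst"] == CLIENT and reply["src"] == request["dst"]
    return {"server_saw": fwd["src"], "via_firewall": not direct,
            "reply_src": reply["src"], "accepted": accepted}


if __name__ == "__main__":
    for snat in (False, True):
        print("source NAT" if snat else "port forwarding only", hairpin_flow(snat))
```

With source translation in place, the server's logs and any source-based access controls see the firewall address for LAN clients rather than each client's own address.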
STEP 1 Go to the Networking > Address Management page to create a host address
object with the IP 192.168.10.100 called “FTPServer.” The FTP server is located in
the LAN zone.
STEP 2 Go to the Firewall > NAT > Port Forwarding page to create a port forwarding rule
as follows.
Advanced NAT rule settings for SSL VPN client Internet access (the rule described in the Solution above):

From                             Any
To                               WAN1
                                 NOTE: It must be set as a WAN port and cannot be set as Any.
Original Source Address          SSLVPNPool
Original Destination Address     Any
Original Services                Any
Translated Source Address        PublicIP
Translated Destination Address   Any
Translated Services              Any