: Configure NAT for External Connections
Focus
Focus

Configure NAT for External Connections

Table of Contents
End-of-Life (EoL)

Configure NAT for External Connections

You only need to configure NAT if the firewall has an external interface used for connecting to networks outside of your data center. While NAT is not required, you can use this procedure to translate private IP addressing in your data center to public IP addressing outside. Begin setting up NAT by configuring address translation for traffic entering server inside an EPG in your data center. Then configure a NAT policy that translates the source address of outbound traffic from any EPG to the external interface IP address.
  1. Configure address translation for traffic entering an EPG in your data center.
    1. Select PoliciesNAT and click Add.
    2. Enter a descriptive Name for your NAT policy rule.
    3. Select Original Packet and click Add under Source Zone.
    4. Select the source zone from the drop-down.
    5. Select the destination zone from the Destination Zone drop-down.
    6. Select Any for the Source Address.
    7. Click Add under Destination Address and enter the external IP address.
    8. On the Translated Packet tab, select the Translation Type under Destination Address Translation.
    9. Select an address from the Translated Address drop-down.
    10. Click OK.
  2. Configure address translation for outbound traffic.
    1. Select PoliciesNAT and click Add.
    2. Enter a descriptive Name for your outbound NAT policy.
    3. Select Original Packet and click Add under Source Zone.
    4. Select the zone that matches your ACI tenant and VRF.
    5. Select the external zone from the Destination Zone drop-down.
    6. On the Translated Packet tab, select the Translation Type under Source Address Translation.
    7. Enter additional required address information.
    8. Click OK.
  3. Commit your changes.