Network Router User Manual
Table Of Contents
- Router Platform User Interface Reference
- NAT Policy Page
- Router Interfaces Page
- Advanced Interface Settings Page
- AIM-IPS Interface Settings Page
- Dialer Policy Page
- ADSL Policy Page
- SHDSL Policy Page
- PVC Policy Page
- PPP/MLP Policy Page
- AAA Policy Page
- Accounts and Credential s Policy Page
- Bridging Policy Page
- Clock Policy Page
- CPU Policy Page
- HTTP Policy Page
- Console Policy Page
- VTY Policy Page
- Secure Shell Policy Page
- SNMP Policy Page
- DNS Policy Page
- Hostname Policy Page
- Memory Policy Page
- Secure Device Provisioning Policy Page
- DHCP Policy Page
- NTP Policy Page
- 802.1x Policy Page
- Network Admission Control Policy Page
- Logging Setup Policy Page
- Syslog Servers Policy Page
- Quality of Service Policy Page
- BGP Routing Policy Page
- EIGRP Routing Policy Page
- OSPF Interface Policy Page
- OSPF Process Policy Page
- RIP Routing Policy Page
- Static Routing Policy Page
K-15
User Guide for Cisco Security Manager 3.2
OL-16066-01
Appendix K Router Platform User Interface Reference
NAT Policy Page
NAT Page—Timeouts Tab
Use the NAT Timeouts tab to view or modify the default timeout values for PAT
(overload) translations. These timeouts cause a dynamic translation to expire after
a defined period of non-use. In addition, you can use this page to place a limit on
the number of entries allowed in the dynamic NAT table and to modify the default
timeout on all dynamic translations that are not PAT translations.
Note For more information about the Overload feature, see NAT Dynamic Rule Dialog
Box, page K-13.
Navigation Path
Go to the NAT Policy Page, page K-3, then click the Timeouts tab.
Do Not Translate VPN
Traffic (Site-to-Site
VPN only)
This setting applies only in situations where the NAT ACL overlaps the
crypto ACL used by the site-to-site VPN. Because the interface performs
NAT first, any traffic arriving from an address within this overlap would get
translated, causing the traffic to be sent unencrypted. Leaving this check box
selected prevents that from happening.
When selected, address translation is not performed on VPN traffic.
When deselected, the router performs address translation on VPN traffic in
cases of overlapping addresses between the NAT ACL and the crypto ACL.
Note We recommend that you leave this check box selected, even when
performing NAT into IPsec, as this setting does not interfere with the
translation that is performed to avoid a clash between two networks
sharing the same set of internal addresses.
Note This option does not apply to remote access VPNs.
OK button Saves your changes locally on the client and closes the dialog box.
Note To save your changes to the Security Manager server so that they are
not lost when you log out or close your client, click Save on the
source page.
Table K-7 NAT Dynamic Rule Dialog Box (Continued)