Jump to content


Photo

Configuring NAT Rules

NG NG400 NAT Firewall Rules Cisco ASA

  • Please log in to reply
5 replies to this topic

#1 Cory Champney

Cory Champney
  • Members
  • 2 posts

Posted 07 March 2012 - 12:33 PM

I am in the process of migrating from a Cisco ASA 5505 to a Barracuda NG Firewall F400 and I need help with the NAT rules. In the ASA, there are Exempt, static, static policy, and dynamic rules. The exempt rule seem to be pointing to our VPNs, and the majority of the static rules are 1-to-1 NAT. What would be the best way to put these rules into the NG?

#2 Manfred Halper

Manfred Halper
  • Barracuda Guru
  • 84 posts

Posted 08 March 2012 - 04:10 AM

Hello Cory,

Goto Firewall there to forwarding rules and on the left side is the point Connection Objects. I think what you're looking for is a translation map. Just make a new translation map and set the Original Adress/Net/Range to the adresses you wish to tranlate and set the Field Translated adress to the Adress you wish to translate the adress to.

Example:
Original Adress: 172.16.0.176/29
Translated Adress: 172.18.0.176

After that you create a corresponding rule and set under the Connection Method field the Translation Map you just configured.

If an incoming request matches the rule the IP adress will be translated 1 to 1.

You'll find a definition of tranlation maps in the administration Guide on page 167.

#3 Cory Champney

Cory Champney
  • Members
  • 2 posts

Posted 08 March 2012 - 11:02 AM

Thanks for the reply.

Would I just make a Pass rule to apply the translation map to? Or a Map rule?

#4 Bartek Moczulski

Bartek Moczulski
  • Barracuda Team Members
  • 102 posts
  • LocationEMEA

Posted 13 March 2012 - 05:40 AM

Hello Cory,
Use Pass rule for Source NAT and Map rule for Destination NAT. Note that both actions can use the same map object, they just reverse the order of translation. If you're not sure how the rule will work use rule tester (available in Firewall rule configuration object).

#5 Cory Champney

Cory Champney
  • Members
  • 3 posts

Posted 10 May 2012 - 10:12 PM

Are there any books available to purchase that explain configuration of the NG Firewall more in-depth than the Admin Guide?

Thanks.

#6 Bartek Moczulski

Bartek Moczulski
  • Barracuda Team Members
  • 102 posts
  • LocationEMEA

Posted 14 May 2012 - 05:10 AM

There're no books. We have Admin Guide and our brand new Tech library: techlib.barracuda.com
If that is not detailed enough for you - feel free to check Barracuda University offer for BTN300 (5 days) and BTN350 (8 days) trainings. But believe me - Cisco makes it often more complicated than necessary ;)