Field Reference for Inventory Pages

This section provides descriptions of the fields found under the Inventory tab in Cisco Prime Infrastructure.

NAT44 Rules

The following topics describe the fields in Inventory > Device Management > Network Devices > Configuration > Security > NAT > NAT44 Rules.

  • Add NAT Rule > Static Rule

  • Add NAT Rule > Dynamic NAT Rule

  • Add NAT Rule > Dynamic PAT Rule

Add NAT Rule > Static Rule

The following table describes the elements on Operate > Device Work Center > Configuration > Security > NAT > NAT44 Rules > Add NAT Rule > Static Rule.

Table 1. Add NAT Rule > Static Rule

Element

Description

Direction

Enter the directions. Cisco Prime Infrastructure Release 2.1 supports only the Inbound to Outbound direction.

VRF

Enter the virtual routing and forwarding (VRF) on which the NAT translation process occurs.

Source A

Enter a valid IPv4 address. A valid IPv4 address consists of four octets separated by a period (.).

  • If Source A is defined, Source B must also be defined.

  • If Source A is defined, Destination A will be Any by default.

Destination A

Enter a valid IPv4 address. A valid IPv4 address consists of four octets separated by a period (.).

  • If Destination A is defined, Destination B must also be defined.

  • If Destination A is defined, Source A will be Any by default.

Translation

Select the static translation type.

Source B

Enter a valid IPv4 address. A valid IPv4 address consists of four octets separated by a period (.). You can also select an interface from the list of interfaces.

  • If Source B is defined, Source A must also be defined.

  • If Source B is defined, Destination B will be Any by default.

Destination B

Enter a valid IPv4 address. A valid IPv4 address consists of four octets separated by a period (.).

  • If Destination B is defined, Destination A must also be defined.

  • If Destination B is defined, Source A and B will be Any by default.

Options

Enter the advance options for the Static type. Configure the following:

  • To ignore the embedded IP addresses (no-Payload), select the Ignore Embedded IP Address check box.

  • To enable port translation, select the Enable Port Translation check box, and then define the following:

    • TCP or UDP

    • Original Port

    • Translated Port

Add NAT Rule > Dynamic NAT Rule

The following table describes the elements in Inventory > Device Management > Network Devices > Configuration > Security > NAT > NAT44 Rules > Add NAT Rule > Dynamic NAT Rule.

Table 2. Add NAT Rule > Dynamic NAT Page

Element

Description

Direction

Enter the directions. Cisco Prime Infrastructure Release 2.1 supports only the Inbound to Outbound direction.

VRF

Enter the VRF on which the NAT translation process occurs.

Source A

Select the ACL name from the list.

  • If Source A is defined, Source B must also be defined.

  • If Source A is defined, Destination A will be Any by default.

Destination A

Select the ACL name from the list.

  • If Destination A is defined, Destination B must also be defined.

  • If Destination A is defined, Source A will be Any by default.

Translation

Select the Dynamic NAT translation type.

Source B

Choose the NAT pool from the drop-down list.

Destination B

Choose the NAT pool from the drop-down list.

  • If Destination B is defined, Destination A must also be defined.

  • If Destination B is defined, Source A and B will be Any by default.

Options

Enter the advance options for the Dynamic type.

  • To ignore the embedded IP addresses (no-Payload), select the Ignore Embedded IP Address check box.

  • To enable port translation, select the Enable Port Translation check box, and then define the following:

    • TCP or UDP

    • Original Port

    • Translated Port

Note 
This option is supported only on the Cisco Integrated Services Routers.

Add NAT Rule > Dynamic PAT Rule

The following table describes the elements in Inventory > Device Management > Network Devices > Configuration > Security > NAT > NAT44 Rules > Add NAT Rule > Dynamic PAT Rule.

Table 3. Add NAT Rule > Dynamic PAT Page

Element

Description

Direction

Enter the directions. This release supports only the Inbound to Outbound direction.

VRF

Enter the VRF on which the NAT translation process occurs.

Source A

Select the ACL name from the list.

Destination A

Destination A cannot be defined.

Translation

Select the Dynamic PAT translation type.

Source B

Select the IP Pool Name from the list. You can also select an interface from the list of interfaces.

Destination B

Destination B cannot be defined.

Options

Enter the advance options for the Dynamic PAT. To ignore the embedded IP addresses (no-Payload), select the Ignore Embedded IP Address check box.

Note 
This option is supported only on Cisco ISRs.

Service Container > Add

The following table describes the fields in Inventory > Device Management > Network Devices > Service Container> Add.

Table 4. Inventory > Device Management > Network Devices > Service Container> Add

Field

Description

Select an Operation

Choose either Install or Install and Activate depending on whether you want to activate the container later or during the current instance.

WAAS-XE IP Address/Mask

Enter the Cisco Wide Area Application Services (WAAS)-Cisco IOS XE container’s IP address and mask.

Router Virtual Interface IP/Mask

Enter the IP and mask for the Router Virtual Interface on which you want to install the container.

OVA

From the list, choose the OVA image that is to be installed.

Resource Profile

From the list, choose a resource profile as per the memory requirement.

Service Container Name

Enter a name for the service container.

Enable WAN Optimization on

Select the check box to begin WAN optimization, and choose an interface role to initiate traffic redirection.

Configuration > Security > Zone Based Firewall

The following table describes the fields in Inventory > Device Management > Network Devices > Configuration > Security > Zone Based Firewall > Policy Rule.

Table 5. Zone Based Firewall > Policy Rule Page

Element

Description

Name

(Optional) Enter a name for the policy rule.

Source Zone

Enter the name of the zone from which the traffic is originating.

Destination Zone

Enter the name of the zone to which the traffic is bound.

Source

Enter the source IP address of the inspected data. The valid parameters are:

  • Any

  • A combination of IPv4 addresses and subnets

Destination

Enter the destination IP address of the inspected data. The valid parameters are:

  • Any

  • A combination of IPv4 addresses and subnets

Service

Service of the inspected data. The valid parameters are:

  • Services

  • Port Based Applications

  • TCP

  • UDP

  • ICMP

Action

Choose the action to perform on the traffic when there is a match on a rule condition. A rule matches when:

  • The traffic source IP address matches the source rule condition.

  • The traffic destination IP address matches the destination rule condition, and the traffic-inspected service matches the service rule condition.

Action options are:

  • Drop

  • Drop and Log

  • Inspect

  • Pass

  • Pass and Log

Advanced Options

Specify the configuration parameters to set the Firewall Rule Parameter-Map behavior when the Action option is set to Inspect.