Interface Network Address Translation Using MIPs

A mapped IP (MIP) is a direct one-to-one mapping of one IP address to another. The security device forwards incoming traffic destined for a MIP to the host with the address to which the MIP points. A MIP is a static destination address translation that maps the destination IP address in an IP packet header to another static IP address, enabling inbound traffic to reach private addresses in a zone whose interface is in NAT mode. When a MIP host initiates outbound traffic, the security device translates the source IP address of the host to that of the MIP address. You can map an address-to-address or subnet-to-subnet relationship (the netmask applies to both the mapped IP subnet and the original IP subnet).

You can also use a MIP to handle overlapping address spaces at two sites connected by a VPN tunnel (an overlapping address space is when the IP address range in two networks are partially or completely the same).

However, devices running ScreenOS 6.1 or later remove the overlap restriction between the MIP and the VIP.

The zone you configure the MIP in determines the subnet of IP address that you can assign the MIP:

You can use a MIP as the destination addresses in rules between any two zones or in a Global rule. For the destination zone, use either the Global zone or the zone with the address to which the MIP points.

Related Documentation