Once you configure the mapped IP, you must define an access policy to allow traffic to access the mapped IP address. No address book entry is required for a Mapped IP. The Mapped IP address automatically appears in the drop-down list for the Source Address in the Policy Configuration page.
Note: A mapped IP is required for traffic from the Untrust zone to reach a zone whose interface is in NAT mode. A MIP is optional for traffic from zones other than the Untrust zone to reach a zone whose interface is in NAT mode. Generally, you reference actual host addresses in a policy, but you can also use a MIP to preserve the privacy of addresses in the destination zone.
At the top of the Interface MIP configuration page, you can see for which interface you are configuring a new mapped IP. For example, you see:
Interface: ethernet3/2 (IP/Netmask: 209.122.17.1/24)
On the Interface (MIP) Page, click New, and then enter the necessary information:
Mapped IP: Enter the public IP address which receives inbound traffic that is then redirected to a host with a private IP address.
Note: A MIP must be in the same subnet as the tunnel interface to which it is linked; however, for an interface in the Untrust zone, a MIP does not need to be in the same subnet. In either case, a MIP address must not be the same as the interface address or be in any DIP pool that may also be on that subnet.
Netmask: Enter the subnet mask of the public IP address.
Host IP Address: Enter the private IP address of the host to receive traffic mapped from the public IP address.
Host Virtual Router Name: Select the name of the virtual router to which the host with the private IP address belongs.
Click OK to save the settings.