You can specify the name of a resource address group as the translation address for a NAT rule.

You can create a NAT rule with specific translation addresses, address ranges, or both. Each entry listed in the resource address group is used to create a set of mappings based on the port range.

The number of translation mappings is based on the number of addresses or ports. For address-group entries specified in CIDR format, for example, 2.2.2.0/24, the number of addresses is based on the network address and broadcast address. For example, a CIDR of 2.2.2.0/24 results in an address range of 2.2.2.1 to 2.2.2.254. A single address entry in the address group specifies a single address.

For resource address groups specified for a NAT rule, the number of address mappings depends on the number and type of address group entries multiplied by the range of ports specified for the rule. If a port range is not specified for the rule, the default port range from 1 through 65535 is used. For example, a NAT rule that specifies a resource address group with two addresses and no port range results in 131,070 mappings.

For source NAT rules, the addresses specified in a resource group are used in ascending numerical order. The next address in the address group is referenced only when all the mappings implied by a resource address group entry have been consumed.

You can also dynamically add and delete address group entries, which takes effect immediately on the next NAT mapping allocations.