- Enterasys Security Router User's Guide

Configuring NAT Examples
Basic One-to-One Static NAT
The following example illustrates inside source address translation on the XSR, as shown in
Figure 5-11 below.
Figure 5-11 NAT Inside Source Translation
1. The user at 10.1.1.1 opens a connection to host 172.20.2.1.
2. The first packet the XSR receives from host 10.1.1.1 causes the router to check its NAT table.
   • If a static entry was configured, the XSR proceeds to Step 3.
   • If no translation entry exists, the router decides that 10.1.1.1 must be translated dynamically, selects a global address from the dynamic address pool, and creates a translation entry.
3. The XSR replaces the inside local source address of 10.1.1.1 with the global IP address
200.20.2.1 and forwards the packet.
4. Host 172.20.2.1 receives the packet and responds to IP address 200.20.2.1.
5. When the XSR receives the packet with the inside global destination IP address 200.20.2.1, it looks in
the table and translates the destination address to the inside local destination address 10.1.1.1.
Then it forwards the packet to 10.1.1.1.
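The lookup in Steps 2 through 5 can be modeled in a few lines. This is an added example, not code from the guide or from the XSR; the `NatTable` class, the dynamic pool address 200.20.2.10, the extra inside hosts, and the choice to drop a packet when the pool is empty are assumptions made for illustration.

```python
import ipaddress


class NatTable:
    """Toy model of inside source translation (hypothetical, not XSR code)."""

    def __init__(self, static=None, pool=()):
        # Static entries map inside local -> inside global and are always present.
        self.local_to_global = dict(static or {})
        self.global_to_local = {g: l for l, g in self.local_to_global.items()}
        # Dynamic pool: global addresses not already claimed by a static entry.
        self.free = [g for g in pool if g not in self.global_to_local]

    def outbound(self, src, dst):
        """Steps 2-3: look up src; create a dynamic entry if none exists."""
        ipaddress.ip_address(src)  # raises ValueError on a malformed address
        ipaddress.ip_address(dst)
        if src not in self.local_to_global:
            if not self.free:
                return None  # assumption: pool exhausted, packet not forwarded
            global_ip = self.free.pop(0)
            self.local_to_global[src] = global_ip
            self.global_to_local[global_ip] = src
        return (self.local_to_global[src], dst)

    def inbound(self, src, dst):
        """Step 5: reverse lookup on the inside global destination address."""
        local_ip = self.global_to_local.get(dst)
        return None if local_ip is None else (src, local_ip)


def demo():
    # Static entry from the steps above; pool and extra hosts are constructed.
    nat = NatTable(static={"10.1.1.1": "200.20.2.1"}, pool=["200.20.2.10"])
    return {
        "request": nat.outbound("10.1.1.1", "172.20.2.1"),
        "reply": nat.inbound("172.20.2.1", "200.20.2.1"),
        "dynamic": nat.outbound("10.1.1.2", "172.20.2.1"),
        "exhausted": nat.outbound("10.1.1.3", "172.20.2.1"),
        "no_entry": nat.inbound("172.20.2.1", "200.20.2.99"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In this model a static entry answers the reverse lookup before any outbound packet has been seen, whereas a dynamic entry exists only after the inside host has sent first.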
Configuring Static Translation
Only one command is required to configure NAT because static NAT is interface independent.
Optionally, you can configure multiple entries in the static translation table with the
ip nat source static command.
• XSR(config)#ip nat source static local-ip global-ip
  Sets the static translation
[Figure 5-11: XSR with an inside interface toward host 10.1.1.1 and an external interface toward the Internet and host 172.20.2.1. NAT table: Private 10.1.1.1, Global 200.2.2.1. Request: SA 10.1.1.1, DA 172.20.2.1; after translation: SA 200.2.2.1, DA 172.20.2.1. Reply: SA 172.20.2.1, DA 200.2.2.1; reply after reverse lookup: SA 172.20.2.1, DA 10.1.1.1.]