- Enterasys Security Router User's Guide

Configuring NAT Examples
Dynamic Pool Configuration
The following example illustrates dynamic pool translation on the XSR, as shown in Figure 5-12.
Figure 5-12 Dynamic Pool Translation
Configuring Dynamic Pool Translation
Dynamic pool translation, as shown in Figure 5-12, is performed through the following process:
1. The user at address 10.1.1.1 opens a connection to address 172.21.2.1.
2. The first packet that the XSR receives from address 10.1.1.1 forces a NAT Pool table check. If
no dynamic pool entry exists, and address 10.1.1.1 must be translated, then the XSR adds a
pool entry. The router replaces the inside local address 10.1.1.1 with the inside global address
200.2.2.1, and forwards the packet. Any other connections originating from address 10.1.1.1
will use address 200.2.2.1 as the global address.
3. Host address 172.21.2.1 receives the packet, and responds to address 10.1.1.1 by using the
inside global address 200.2.2.1.
4. When the XSR receives the packet, it searches its NAT Pool table, using address 200.2.2.1,
translates the address to inside local address 10.1.1.1, and forwards it to address 10.1.1.1.
5. The same process applies to the connection originating from address 10.1.1.2, but a different
global IP address is used.
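The five steps above can be traced with a small model of the NAT Pool table. This is an added example, not XSR code: the class and function names are hypothetical, the two-address pool is constructed from the addresses in Figure 5-12, and returning None for an exhausted pool or an unmatched global address is this model's assumption, not documented XSR behavior.

```python
import ipaddress

class DynamicPoolNat:
    """Toy model of one-to-one dynamic pool NAT (addresses only, no ports)."""

    def __init__(self, first_global, size):
        start = ipaddress.IPv4Address(first_global)
        self.free = [start + i for i in range(size)]  # unassigned inside global addresses
        self.local_to_global = {}                     # pool table keyed by inside local
        self.global_to_local = {}                     # reverse index used for replies

    def outbound(self, src, dst):
        """Inside -> outside. Returns translated (src, dst), or None if untranslatable."""
        local = ipaddress.IPv4Address(src)
        if local not in self.local_to_global:         # step 2: table check, add entry
            if not self.free:
                return None                           # assumption: pool exhausted, no entry
            g = self.free.pop(0)
            self.local_to_global[local] = g
            self.global_to_local[g] = local
        return (str(self.local_to_global[local]), dst)

    def inbound(self, src, dst):
        """Outside -> inside. Returns translated (src, dst), or None if no entry."""
        local = self.global_to_local.get(ipaddress.IPv4Address(dst))  # step 4: reverse lookup
        if local is None:
            return None                               # assumption: no entry, not forwarded
        return (src, str(local))

def run_figure_flow():
    nat = DynamicPoolNat("200.2.2.1", 2)  # constructed pool: 200.2.2.1 and 200.2.2.2
    results = [
        nat.outbound("10.1.1.1", "172.21.2.1"),  # packet 1 request
        nat.inbound("172.21.2.1", "200.2.2.1"),  # packet 1 reply
        nat.outbound("10.1.1.2", "172.21.2.2"),  # packet 2 request
        nat.inbound("172.21.2.2", "200.2.2.2"),  # packet 2 reply
        nat.outbound("10.1.1.1", "172.21.2.2"),  # second connection, same inside host
        nat.outbound("10.1.1.3", "172.21.2.1"),  # third inside host, pool is empty
        nat.inbound("172.21.2.1", "200.2.2.9"),  # global address with no pool entry
    ]
    return nat, results

if __name__ == "__main__":
    nat, results = run_figure_flow()
    for r in results:
        print(r)
    print({str(k): str(v) for k, v in nat.local_to_global.items()})
```

The final table printed matches the two-entry NAT table in Figure 5-12, and it is the same mapping needed to attribute an inside global address seen in outside logs back to an inside host.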
Now enter the commands below to set dynamic pool translation. Note that some steps are optional.
1. Create local IP pool NATpool with excluded IP addresses (optional) and quit Local Pool mode:
XSR(config)#ip local pool NATpool 200.2.2.0 255.255.255.0
XSR(ip-local-pool)#exclude 200.2.2.1 8
XSR(ip-local-pool)#exclude 200.2.2.21 233
XSR(ip-local-pool)#exit
2. Register the global NAT pool:
XSR(config)#ip nat pool NATpool
[Figure 5-12 diagram: inside hosts 10.1.1.1 and 10.1.1.2 reach outside hosts 172.21.2.1 and 172.21.2.2 across the Internet through the XSR's internal and external interfaces. NAT table after packet 1: 10.1.1.1 -> 200.2.2.1. NAT table after packet 2: 10.1.1.1 -> 200.2.2.1, 10.1.1.2 -> 200.2.2.2.]