- Enterasys Security Router User's Guide

Configuring NAT Examples
Figure 5-15 Static NAT within Interface
As shown in Figure 5-15, packets from the PC at 10.1.1.1 are statically NATted to 203.2.2.1
and do not pass through either of the pools. This occurs because static NAT takes precedence over
other forms of NAT. This static mapping is used only when packets from PC 10.1.1.1 exit the
F2 interface. On any other interface the translation does not occur unless the same mapping is
configured there. Static NAT within an interface proceeds as follows:
1. The user at 10.1.1.1 opens a connection to host 172.20.2.1.
2. When the XSR receives the first packet from 10.1.1.1, the static NAT table for the interface is
checked and a mapping found. That mapping is used to translate the source IP address to
203.2.2.1.
3. The packet goes out as being transmitted from 203.2.2.1 to destination 172.20.2.1.
4. When a reply packet is received by the XSR, static mappings are again checked resulting in the
translation of the destination IP address from 203.2.2.1 to 10.1.1.1.
Enter the following commands to configure static NAT at interface F2:
XSR(config)#access-list 101 permit ip any 172.20.0.0 0.0.255.255
+ Configures the ACL for the destination on the 172.20.0.0 network
XSR(config)#access-list 102 permit ip any 164.17.0.0 0.0.255.255
+ Configures the ACL for the destination on the 164.17.0.0 network
XSR(config)#ip local pool NatPool 200.2.2.0/24
XSR(ip-local-pool)#exit
XSR(config)#ip local pool NatPool1 201.2.2.0/24
XSR(ip-local-pool)#exit
+ Creates two IP local pools with the specified inside global IP addresses
XSR(config)#ip nat pool NatPool
XSR(config)#ip nat pool NatPool1
+ Assigns the above pools to NAT
XSR(config)#interface F2
XSR(config-if<F2>)#ip nat source list 101 pool NatPool
XSR(config-if<F2>)#ip nat source list 102 pool NatPool1
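The lookup order described above (the interface's static mapping first, then the ACL-selected pools, and no translation on other interfaces) can be modeled in a few lines of Python. This is an added illustration, not XSR code or part of the original guide; the interface name F1 and the rule that a pool hands out its first free host address are assumptions.

```python
import ipaddress

# Addresses, ACLs and pools are taken from the page. The model itself is an
# assumption: it matches ACLs on destination only (source is "any") and hands
# out the first free host address of a pool.
STATIC = {"F2": {"10.1.1.1": "203.2.2.1"}}  # per-interface static mappings
DYNAMIC = {"F2": [
    (ipaddress.ip_network("172.20.0.0/16"), "NatPool"),   # access-list 101
    (ipaddress.ip_network("164.17.0.0/16"), "NatPool1"),  # access-list 102
]}
POOLS = {"NatPool": "200.2.2.0/24", "NatPool1": "201.2.2.0/24"}


class NatModel:
    def __init__(self):
        self.bindings = {}  # (interface, pool, inside local) -> inside global
        self.free = {n: iter(ipaddress.ip_network(c).hosts())
                     for n, c in POOLS.items()}

    def outbound(self, iface, src, dst):
        """Translate the source of a packet leaving iface; return (SA, rule)."""
        static = STATIC.get(iface, {})
        if src in static:  # static NAT is consulted before any pool
            return static[src], "static"
        for net, pool in DYNAMIC.get(iface, []):
            if ipaddress.ip_address(dst) in net:
                key = (iface, pool, src)
                if key not in self.bindings:
                    self.bindings[key] = str(next(self.free[pool]))
                return self.bindings[key], pool
        return src, "none"  # no NAT configured on this interface

    def inbound(self, iface, dst):
        """Translate the destination of a reply arriving on iface."""
        for local, glob in STATIC.get(iface, {}).items():
            if glob == dst:
                return local
        for (bound_if, _pool, local), glob in self.bindings.items():
            if bound_if == iface and glob == dst:
                return local
        return dst  # not a known inside global address: left unchanged


if __name__ == "__main__":
    nat = NatModel()
    print(nat.outbound("F2", "10.1.1.1", "172.20.2.1"))  # static mapping
    print(nat.outbound("F2", "10.1.1.2", "164.17.2.1"))  # ACL 102 -> NatPool1
    print(nat.inbound("F2", "203.2.2.1"))                # reply to static host
    print(nat.outbound("F1", "10.1.1.1", "172.20.2.1"))  # F1 is hypothetical
```

When auditing a configuration like this one, the same model shows which inside hosts keep a fixed, externally reachable address (the static entries) and which only appear behind pool addresses.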
[Figure 5-15 diagram. Labels: Internet, Outside, Inside, XSR, Internal interface, External interface F2, Request, Reply, After Translation. NAT Table (Inside local IP Address / Inside global IP Address): 10.1.1.1 / 203.2.2.1; 10.1.1.2 / 201.2.2.1.]