- Foundry Router User Guide

Security Features
June 2004 © 2004 Foundry Networks, Inc. 15 - 59
Static NAT (one to one)
Figure 15.7 Static NAT
In static (one-to-one) NAT, one NAT IP address is used for each IP address in the corporate network.
For example, for the three IP addresses from 10.1.1.1 to 10.1.1.3, there is a set of three NAT IP addresses from
50.1.1.1 to 50.1.1.3. With one-to-one NAT, only IP address translation takes place: if a packet travels
from 10.1.1.1 to yahoo.com, the Foundry-Firewall substitutes only the source address in the IP header with the
NAT IP address. The source port remains the same as the original.
The static NAT configuration shown in Figure 15.7 includes:
Private network address: 10.1.1.1-10.1.1.3
Public (NAT) IP address range: 50.1.1.1-50.1.1.3
To create a NAT pool of type static, specify the IP address and the ending NAT IP address. Then add a policy with
the source IP address range and attach the NAT pool to the policy.
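The one-to-one translation described in this section, modelled as an added example (not code from the guide or from Foundry). The in-order pairing of private and pool addresses, the equal-size check, and the names `Packet`, `build_static_map` and `translate_outbound` are assumptions of this model; the address ranges are the ones used on this page.

```python
import ipaddress
from typing import NamedTuple


class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def ip_range(first: str, last: str) -> list:
    """Inclusive list of IPv4 addresses from first to last."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if hi < lo:
        raise ValueError(f"range end {last} is below range start {first}")
    return [ipaddress.IPv4Address(i) for i in range(int(lo), int(hi) + 1)]


def build_static_map(private_first, private_last, pool_first, pool_last):
    """Pair each private address with exactly one pool address.

    Assumption (not stated in the guide): addresses are paired in order.
    """
    private = ip_range(private_first, private_last)
    pool = ip_range(pool_first, pool_last)
    if len(private) != len(pool):
        raise ValueError(
            f"one-to-one NAT needs equal ranges: {len(private)} private "
            f"vs {len(pool)} pool addresses")
    return dict(zip(private, pool))


def translate_outbound(pkt: Packet, nat_map: dict) -> Packet:
    """Rewrite only the source address; the source port is left unchanged."""
    src = ipaddress.IPv4Address(pkt.src_ip)
    if src not in nat_map:
        return pkt  # source is outside the policy's address range
    return pkt._replace(src_ip=str(nat_map[src]))


# Ranges taken from the static NAT configuration on this page.
NAT_MAP = build_static_map("10.1.1.1", "10.1.1.3", "50.1.1.1", "50.1.1.3")

if __name__ == "__main__":
    # Constructed sample packet; 203.0.113.10 is a documentation address.
    print(translate_outbound(Packet("10.1.1.2", 40000, "203.0.113.10", 80), NAT_MAP))
```

Because the mapping is fixed and the port is preserved, each internal host is always seen under the same public address, which is worth keeping in mind when reading firewall or server logs for this range.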
[Figure 15.7 labels: 10.1.1.1, 10.1.1.2, 10.1.1.3; OPAL; 50.1.1.1-50.1.1.3; INTERNET]
Foundry/configure# firewall corp
Foundry/configure/firewall corp# object
Foundry/configure/firewall corp/object# nat-pool addresspoolStat static 50.1.1.1 50.1.1.3
Foundry/configure/firewall corp/object# exit
Foundry/configure/firewall corp# policy 7 out address 10.1.1.1 10.1.1.3 any any
Foundry/configure/firewall corp/policy 7 out# apply-object nat-pool addresspoolStat
Foundry/configure/firewall corp/policy 7 out# exit 2
Foundry/configure#
Port Address Translation (Many to one)
NAT allows multiple IP addresses to be mapped to one address.