User's Manual Part 2



47JadeOSUserManual

latestheprivate(notgloballyunique)addressesintheinternalnetworkintolegal

addresses,beforepacketsareforwardedtoanothernetwork.

Aspartofthiscapability,NATcanbeconfiguredtoadvertiseonlyoneaddressforthe

entirenetworktotheoutsideworld.Thisprovidesadditionalsecuritybyeffectively

hidingtheentireinternalnetworkbehindthataddress.NAToffersthedualfunctions

ofsecurityandaddressconservationandistypicallyimplementedinremote‐access

environments.

Basically,NATallowsasingledevice,suchasarouter,toactasanagentbetweenthe

Internet(orpublicnetwork)andalocalnetwork(orprivatenetwork),whichmeans

thatonlyasingleuniqueIPaddressisrequiredtorepresentanentiregroupofcom‐

puterstoanythingoutsidetheirnetwork.

7.3.1ConfiguringSNAT

Figure7‐1sourceaddresstransfer

TocreateNATpool,use thefollowingcommandinconfigmode:

ip nat pool <pool-name> <start-ip> <end-ip> <dest-ip>

TocreateSNATruleinsessionACL,usethefollowingcommand:

network <subnet> <mask> any any src-nat pool <pool-name>

Usingfigure7‐1asanexample,step1andstep2showhowtospecifytheuserpolicy

inVLAN100.Letthetrafficfromuserson200.0.0.0/24subnetbeSNATedwhenthey

accesspublicinternetserver155.0.0.150.

Step1CreateNATaddresspool

(JadeOS)(config)# ip nat pool nat_pool 150.0.0.1 150.0.0.1 160.0.0.1

Step2ConfiguresessionACL,addaSNATrulesspecifyingwhattrafficistobe

translatedandNATpool

(JadeOS)(config)#ip access-list session tacl

(JadeOS)(config-sess-tacl)# network 200.0.0.0 255.255.255.0 any any

src-nat pool nat_pool