Configuring dynamic nat, Configuring an address pool – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual


Brocade Virtual ADX Security Guide


53-1003250-01

Configuring NAT


The priority variable takes a value of 1 or 2 and enables static NAT redundancy. A value of 2
means higher priority: the system configured with it owns the NAT IP as long as that system is up.

The list parameter specifies the access list identified by the acl-id variable that will permit only the
configured TCP or UDP port numbers.

Configuring dynamic NAT

To configure dynamic NAT, perform the following tasks:

Configure a standard or extended ACL for each private address range for which you want to
provide NAT.

NOTE

Named ACLs are not supported with NAT. You must use a numbered ACL.

Configure a pool for each consecutive range of Internet addresses to which you want NAT to be
able to map the private addresses specified in the ACLs. Each pool must contain a range with
no gaps. If your Internet address space has gaps, configure separate pools for each
consecutive range within the address space.

Associate a range of private addresses (specified in a standard or extended ACL) with a pool.

Configuring an address pool

Use the ip nat pool command to configure the address pool. For an example, refer to
“Dynamic NAT configuration example 1” on page 62.

Syntax: [no] ip nat pool pool-name start-ip end-ip netmask ip-mask | prefix-length length | port-pool-range priority-value

The pool-name parameter specifies the name assigned to the pool. It can be up to 255 characters
long and can contain special characters and internal blanks. If you use internal blanks, you must
use quotation marks around the entire name.

The start-ip parameter specifies the IP address at the beginning of the pool range. Specify the
lowest-numbered IP address in the range.

The end-ip parameter specifies the IP address at the end of the pool range. Specify the
highest-numbered IP address in the range.

NOTE

The address range cannot contain any gaps. Make sure you own all the IP addresses in the range.
If the range contains gaps, you must create separate pools containing only the addresses you own.

The netmask ip-mask | prefix-length length parameter specifies a classical subnet mask
(example: netmask 255.255.255.0) or the length of a CIDR prefix (example: prefix-length 24). The
Brocade Virtual ADX supports up to 255 global IP addresses.

The port-pool-range priority-value parameter enables dynamic NAT redundancy, where
priority-value can be 1 or 2. A value of 2 indicates higher priority for the NAT IP and also
means that the source ports allocated for the NAT IP come from the higher range.
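
The no-gaps rule above, as an added example (not from the Brocade guide): a Python helper that splits a list of owned public addresses into consecutive runs and builds one ip nat pool line per run, following the syntax shown above. The pool names, the sample addresses (documentation range) and applying the 255-address limit to the total across all pools are assumptions.

```python
import ipaddress

# Limit stated in the guide; applying it to the total across pools is an assumption.
MAX_GLOBAL_IPS = 255

def contiguous_runs(addresses):
    """Group addresses into (start, end) runs that contain no gaps."""
    ips = sorted({ipaddress.IPv4Address(a) for a in addresses})
    runs = []
    for ip in ips:
        if runs and int(ip) == int(runs[-1][1]) + 1:
            runs[-1][1] = ip           # next address in sequence: extend the run
        else:
            runs.append([ip, ip])      # gap (or first address): start a new run
    return [(start, end) for start, end in runs]

def nat_pool_commands(owned, network, name_prefix="pool"):
    """Return one 'ip nat pool' line per gap-free run of owned addresses.

    name_prefix is a hypothetical naming scheme, not a device requirement.
    """
    net = ipaddress.IPv4Network(network)
    outside = [a for a in owned if ipaddress.IPv4Address(a) not in net]
    if outside:
        raise ValueError(f"addresses outside {net}: {outside}")
    runs = contiguous_runs(owned)
    total = sum(int(end) - int(start) + 1 for start, end in runs)
    if total > MAX_GLOBAL_IPS:
        raise ValueError(f"{total} addresses exceed the limit of {MAX_GLOBAL_IPS}")
    return [
        f"ip nat pool {name_prefix}{i} {start} {end} prefix-length {net.prefixlen}"
        for i, (start, end) in enumerate(runs, 1)
    ]

# Constructed sample: 203.0.113.13 is NOT owned, so the range has a gap there.
OWNED = ["203.0.113.10", "203.0.113.11", "203.0.113.12",
         "203.0.113.14", "203.0.113.15"]

if __name__ == "__main__":
    for line in nat_pool_commands(OWNED, "203.0.113.0/24"):
        print(line)
```

Because the unowned address never falls inside a generated pool, the device is not configured to translate traffic to an address that belongs to someone else.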
