Nat configuration examples, Configuring an address pool – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

Page 113

Advertising
background image

ServerIron ADX Security Guide

99

53-1002440-03

Configuring NAT

4

Configuring an address pool

Use the ip nat pool command to configure the address pool. For an example, refer to

“Dynamic NAT

configuration example 1”

on page 100.

Syntax: [no] ip nat pool <pool-name> <start-ip> <end-ip> netmask <ip-mask> | prefix-length

<length> | port-pool-range <priority-value>

The <pool-name> parameter specifies the name assigned to the pool. It can be up to 255
characters long and can contain special characters and internal blanks. If you use internal blanks,
you must use quotation marks around the entire name.

The <start-ip> parameter specifies the IP address at the beginning of the pool range. Specify the
lowest-numbered IP address in the range.

The <end-ip> parameter specifies the IP address at the end of the pool range. Specify the
highest-numbered IP address in the range.

NOTE

The address range cannot contain any gaps. Make sure you own all the IP addresses in the range.
If the range contains gaps, you must create separate pools containing only the addresses you own.

The netmask <ip-mask> | prefix-length <length> parameter specifies a classical sub-net mask
(example: netmask 255.255.255.0) or the length of a CIDR prefix (example: prefix-length 24). The
ServerIron ADX supports up to 255 global IP addresses.

The port-pool-range <priority-value> parameter enables dynamic NAT redundancy, where the
<priority-value> can be 1 or 2. A range value of 2 indicates higher priority for the NAT IP. A 2 value
also means the source ports allocated for the NAT IP are from the higher range.

Associating a range of private addresses with a pool and enabling PAT

Use ip nat inside source list to associate a private address range with a pool of Internet addresses
and enable PAT. For an example, refer to

“Dynamic NAT configuration example 1”

on page 100.

Syntax: [no] ip nat inside source list <acl-id> pool <pool-name>

The inside source keyword specifies that the translation applies to private addresses sending
traffic to the Internet (inside source).

The list <acl-id> parameter specifies a standard or extended ACL. Named ACLS are not supported
with NAT. You must use a numbered ACL.

The pool <pool-name> parameter specifies the pool name. You must create the pool before you
can use it with this command.

NAT configuration examples

The following sections provide both Dynamic and Static NAT configuration examples.

NOTE

A ServerIron ADX can have a maximum of 255 global IP addresses, in a single pool or multiple pools.

Advertising
Popular Brands
Popular manuals