Black Box LR1102A-T1/E1 User Manual


Black Box LR11xx Series Router Configurations Guide


translation takes place, i.e., if a packet travels from 10.1.1.1 to yahoo.com, Black Box-Firewall substitutes only the
source address in the IP header with one of the NAT IP addresses, and the source port stays the same as the original.
If traffic emanates from the same client to any other server, the same NAT IP address is assigned. The advantage is
that the NAT IP addresses are allocated dynamically and are therefore used more efficiently.

If a NAT IP address cannot be allocated dynamically at connection creation time, the packet is dropped.

Figure 25 Dynamic NAT

The dynamic NAT configuration shown in Figure 25 includes:

• Private network addresses: 10.1.1.1-10.1.1.4

• Public (NAT) IP address range: 60.1.1.1-60.1.1.2

To create a NAT pool of type dynamic, specify the starting IP address and the NAT ending IP address. Then add a policy
with the source IP address range, and attach the NAT pool to the policy.

Blackbox/configure> firewall corp
Blackbox/configure/firewall corp> object
Blackbox/configure/firewall corp/object> nat-pool addresspoolDyna dynamic 60.1.1.1 60.1.1.2
Blackbox/configure/firewall corp/object> exit
Blackbox/configure/firewall corp> policy 8 out address 10.1.1.1 10.1.1.4 any any
Blackbox/configure/firewall corp/policy 8 out> apply-object nat-pool addresspoolDyna
Blackbox/configure/firewall corp/policy 8 out> exit 2
Blackbox/configure>

[Figure 25 labels: private hosts 10.1.1.1, 10.1.1.2, 10.1.1.3 and 10.1.1.4; router OPAL; NAT pool 60.1.1.1-60.1.1.2; INTERNET]
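The configuration above maps four private hosts onto a pool of two NAT addresses, so the drop-on-exhaustion rule is reachable in normal use. The following Python model is an added example, not Black Box code: it reproduces the behaviour this page describes (one NAT address per client, source port preserved, packet dropped when the pool is empty). The class name, the `release` step and the error raised for sources outside the policy range are assumptions made for illustration.

```python
import ipaddress


class DynamicNat:
    """Toy model of the dynamic NAT behaviour described above (not vendor code)."""

    def __init__(self, pool_start, pool_end, src_start, src_end):
        lo = int(ipaddress.IPv4Address(pool_start))
        hi = int(ipaddress.IPv4Address(pool_end))
        self.free = [ipaddress.IPv4Address(n) for n in range(lo, hi + 1)]
        self.src_lo = ipaddress.IPv4Address(src_start)
        self.src_hi = ipaddress.IPv4Address(src_end)
        self.bindings = {}  # private source IP -> NAT IP currently assigned

    def translate(self, src_ip, src_port):
        """Return (nat_ip, port) for an outbound packet, or None if it is dropped."""
        src = ipaddress.IPv4Address(src_ip)
        if not (self.src_lo <= src <= self.src_hi):
            # Assumption: this model only handles sources matched by the policy.
            raise ValueError("source not covered by the policy range")
        if src not in self.bindings:
            if not self.free:
                return None  # no NAT address can be allocated: packet dropped
            self.bindings[src] = self.free.pop(0)
        # Only the source address changes; the source port is kept as-is.
        return (str(self.bindings[src]), src_port)

    def release(self, src_ip):
        """Assumption: a binding is freed once the client has no connections left."""
        nat_ip = self.bindings.pop(ipaddress.IPv4Address(src_ip), None)
        if nat_ip is not None:
            self.free.append(nat_ip)


def demo():
    # Constructed traffic using the addresses from Figure 25.
    nat = DynamicNat("60.1.1.1", "60.1.1.2", "10.1.1.1", "10.1.1.4")
    packets = [("10.1.1.1", 40000), ("10.1.1.1", 40001),
               ("10.1.1.2", 40000), ("10.1.1.3", 40000)]
    results = [nat.translate(ip, port) for ip, port in packets]
    nat.release("10.1.1.1")  # frees 60.1.1.1 for the next client
    results.append(nat.translate("10.1.1.3", 40000))
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

With this pool size, any third concurrent client is dropped until an earlier binding is freed, which is worth checking when sizing the NAT range against the policy's source range.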
