Internet outside inside – Enterasys Networks Security Router X-PeditionTM User Manual


Configuring NAT Examples

XSR User’s Guide 5-43

Figure 5-15 Static NAT within Interface

As shown in Figure 5-15, packets from the PC at 10.1.1.1 are statically NATted to the PC at 203.2.2.1 but through neither of the pools. This occurs because static NAT takes precedence over other NAT forms. Also, this static NAT would be used only when packets from PC 10.1.1.1 exit the F2 interface. On any other interface the translation would not occur, unless the same mapping is configured. Static NAT within an interface proceeds as follows:

1. The user at 10.1.1.1 opens a connection to host 172.20.2.1.

2. When the XSR receives the first packet from 10.1.1.1, the static NAT table for the interface is checked and a mapping found. That mapping is used to translate the source IP address to 203.2.2.1.

3. The packet goes out as being transmitted from 203.2.2.1 to destination 172.20.2.1.

4. When a reply packet is received by the XSR, static mappings are again checked resulting in the translation of the destination IP address from 203.2.2.1 to 10.1.1.1.

Enter the following commands to configure static NAT at interface F2:

XSR(config)#access-list 101 permit ip any 172.20.0.0 0.0.255.255

+ Configures the ACL for the destination on the 172.20.0.0 network

XSR(config)#access-list 102 permit ip any 164.17.0.0 0.0.255.255

+ Configures the ACL for the destination on the 164.17.0.0 network

XSR(config)#ip local pool NatPool 200.2.2.0/24
XSR(ip-local-pool)#exit
XSR(config)#ip local pool NatPool1 201.2.2.0/24
XSR(ip-local-pool)#exit

+ Create two IP local pools with the specified inside global IP addresses

XSR(config)#ip nat pool NatPool
XSR(config)#ip nat pool NatPool1

+ Assigns the above pools to NAT

XSR(config)#interface F2
XSR(config-if<F2>)#ip nat source list 101 pool NatPool
XSR(config-if<F2>)#ip nat source list 102 pool NatPool1
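The lookup order described in steps 1 to 4 can be modeled offline to predict which source address a flow will carry in logs. The Python sketch below is an added example, not XSR code or part of the manual. The `NatInterface` class, its table layout, the first-free-address pool allocation and the `other` interface are assumptions; the addresses, ACL wildcards and pools are the ones on this page.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """ACL-style match: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

class NatInterface:
    """Simplified model of one interface's NAT state (assumed, not XSR internals)."""
    def __init__(self, static, rules):
        self.static = dict(static)   # inside local -> inside global
        self.rules = list(rules)     # (dst base, dst wildcard, pool CIDR)
        self.dynamic = {}            # (inside local, pool) -> inside global
        self.free = {p: iter(ipaddress.ip_network(p).hosts()) for _, _, p in rules}

    def outbound(self, src, dst):
        """Return (translated source, which table supplied it)."""
        if src in self.static:       # static mapping is checked before any pool
            return self.static[src], "static"
        for base, wildcard, pool in self.rules:
            if wildcard_match(dst, base, wildcard):
                key = (src, pool)
                if key not in self.dynamic:  # assumption: next unused pool address
                    self.dynamic[key] = str(next(self.free[pool]))
                return self.dynamic[key], pool
        return src, "untranslated"

    def inbound(self, dst):
        """Reverse-translate a reply's destination; static entries first."""
        for local, glob in self.static.items():
            if glob == dst:
                return local
        for (local, _pool), glob in self.dynamic.items():
            if glob == dst:
                return local
        return dst

# Values from the page: ACL 101 -> NatPool, ACL 102 -> NatPool1, static 10.1.1.1 -> 203.2.2.1
RULES = [("172.20.0.0", "0.0.255.255", "200.2.2.0/24"),
         ("164.17.0.0", "0.0.255.255", "201.2.2.0/24")]
f2 = NatInterface({"10.1.1.1": "203.2.2.1"}, RULES)
other = NatInterface({}, [])         # hypothetical interface with no NAT configured

if __name__ == "__main__":
    print(f2.outbound("10.1.1.1", "172.20.2.1"))     # static entry, pools bypassed
    print(f2.inbound("203.2.2.1"))                   # reply mapped back to the PC
    print(f2.outbound("10.1.1.2", "164.17.2.1"))     # no static entry: NatPool1
    print(other.outbound("10.1.1.1", "172.20.2.1"))  # mapping absent on this interface
```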

[Figure 5-15 diagram: the XSR between the inside network (internal interface) and the Internet (external interface F2). NAT table (inside local IP address -> inside global IP address): 10.1.1.1 -> 203.2.2.1; 10.1.1.2 -> 201.2.2.1. Packet labels show source and destination addresses for the request, after translation, and the reply.]
