Nat configuration examples, Foundry/configure# firewall corp, Foundry/configure/firewall corp# object – Foundry Networks AR3202-CL User Manual

Page 283: Foundry/configure/firewall corp/object# exit, Foundry/configure, Nat c, Onfiguration, Xamples

Advertising
background image

Foundry AR-Series Router User Guide

15 - 58

© 2004 Foundry Networks, Inc.

June 2004

NAT Configuration Examples

Dynamic NAT (many to many)

In dynamic (many-to-many) NAT type, multiple source IP addresses in the corporate network will be mapped to
multiple NAT IP addresses (not necessarily of equal number). For a set of local IP address from 10.1.1.1 to
10.1.1.4 there will be a set of NAT IP address from 60.1.1.1 to 60.1.1.2. In case of many-to-many NAT, only IP
address translation takes place, i.e., if a packet travels from 10.1.1.1 to yahoo.com, Foundry-Firewall only
substitutes the source address in the IP header with one of the NAT IP address and the source port will be the
same as the original. If traffic emanates from the same client to any other server, the same NAT IP address is
assigned. The advantage is that the NAT IP addresses are utilized in a better and optimum manner dynamically.

If a NAT IP address cannot be allocated dynamically at the connection creation time, the packet would be
dropped.

Figure 15.6

Dynamic NAT

The dynamic NAT configuration shown in includes:

Private network addresses:10.1.1.1—10.1.1.4

Public (NAT) IP address range: 60.1.1.1—60.1.1.2

To

create NAT pool with type dynamic, specify the IP address and the NAT ending IP address.Then add a policy

with the source IP address range, and attach the NAT pool to the policy.

60.1.1.1-60.1.1.2

OPAL

10.1.1.3

10.1.1.2

10.1.1.1

INTERNET

10.1.1.4

Foundry/configure# firewall corp

Foundry/configure/firewall corp# object

Foundry/configure/firewall corp/object# nat-pool addresspoolDyna

dynamic 60.1.1.1 60.1.1.2

Foundry/configure/firewall corp/object# exit

Foundry/configure/firewall corp# policy 8 out address 10.1.1.1

10.1.1.4 any any

Foundry/configure/firewall corp/policy 8 out# apply-object nat-

pool addresspoolDyna

Foundry/configure/firewall corp/policy 8 out# exit 2

Foundry/configure#

Advertising
This manual is related to the following products:

AR1208, AR3201-CL, AR3201, AR3202, AR1216, AR1204

Popular Brands
Popular manuals