Dynamic nat configuration example 2 – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

ServerIron ADX Security Guide

53-1002440-03

Configuring NAT

4

ServerIronADX(config-ve-2)#ip nat inside

ServerIronADX(config-ve-3)#ip nat outside

3. Configure a numbered ACL and permit the IP addresses on the inside. Then define the global address pool and enable dynamic NAT.

ServerIronADX(config)# access-list 101 permit ip 10.10.1.0/24 any

ServerIronADX(config)# ip nat pool global_pool 209.157.1.2 209.157.1.254 prefix-length 24

Make sure you specify permit in the ACL, rather than deny. If you specify deny, the ServerIron
ADX will not provide NAT for the addresses.

4. Tie the inside source list to the global pool and enable PAT (overload) to send traffic out the external interface.

ServerIronADX(config)# ip nat inside source list 101 pool global_pool

5. rconsole into the BP and verify the translation is working correctly.

rconsole x/x

show ip nat statistic

show ip nat translation
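
The following offline check is an added example, not part of the Brocade manual. It audits the commands from steps 2 through 4 for the mistakes the procedure warns about: an ACL without permit, a pool range that does not fit its prefix length, and a NAT rule that names an undefined pool. The helper audit_nat and the faulty sample are hypothetical, and the parser assumes commands written exactly in the form shown on this page, with prompts stripped.

```python
import ipaddress
import re

# Commands from steps 2-4 above, prompts stripped (sample input assembled for this example).
GOOD = """\
ip nat inside
ip nat outside
access-list 101 permit ip 10.10.1.0/24 any
ip nat pool global_pool 209.157.1.2 209.157.1.254 prefix-length 24
ip nat inside source list 101 pool global_pool
"""

# Constructed faulty variant: deny in the ACL, pool end outside the /24, misspelled pool name.
BAD = """\
ip nat inside
access-list 101 deny ip 10.10.1.0/24 any
ip nat pool global_pool 209.157.1.2 209.157.2.254 prefix-length 24
ip nat inside source list 101 pool global_poool
"""

def audit_nat(config):
    """Return a list of findings for a dynamic NAT configuration (hypothetical helper)."""
    lines = [line.strip() for line in config.splitlines() if line.strip()]
    findings = []
    for side in ("inside", "outside"):
        if f"ip nat {side}" not in lines:
            findings.append(f"no interface marked 'ip nat {side}'")
    acls = {}   # ACL number -> set of actions used (permit/deny)
    pools = {}  # pool name -> (start, end, prefix length)
    rules = []  # (ACL number, pool name) from 'ip nat inside source list'
    for line in lines:
        if m := re.fullmatch(r"access-list (\d+) (permit|deny) ip \S+ \S+", line):
            acls.setdefault(m[1], set()).add(m[2])
        elif m := re.fullmatch(r"ip nat pool (\S+) (\S+) (\S+) prefix-length (\d+)", line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]), int(m[4]))
        elif m := re.fullmatch(r"ip nat inside source list (\d+) pool (\S+)", line):
            rules.append((m[1], m[2]))
    for name, (start, end, plen) in pools.items():
        net = ipaddress.ip_network(f"{start}/{plen}", strict=False)
        if end not in net or end < start:
            findings.append(f"pool {name}: {start}-{end} does not fit in {net}")
    for acl, pool in rules:
        if "permit" not in acls.get(acl, set()):
            findings.append(f"ACL {acl} has no permit entry, so no address is translated")
        if pool not in pools:
            findings.append(f"NAT rule references undefined pool {pool}")
    if not rules:
        findings.append("no 'ip nat inside source list' rule")
    return findings
```
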

Dynamic NAT configuration example 2

In the following example, the ServerIron ADX is configured to translate inside hosts in the 20.20.0.0
network to unique global addresses in the 15.15.15.15/24 network.

FIGURE 7 Example of a dynamic NAT configuration - translating inside host addresses to unique pool addresses

This example requires that Interfaces 1/5 and 1/1 be configured as Inside and Outside interfaces
respectively as shown.

ServerIronADX(config)# interface ethernet 1/5

ServerIronADX(config-if-e1000-1/5)# ip address 20.20.50.1 255.255.0.0

ServerIronADX(config-if-e1000-1/5)# ip nat inside

[Figure 7 labels: Remote Server; Internet; SI; Outside Interface 1/1; Inside Interface 1/5; Global IP address pool: 15.15.15.15 to 15.15.15.25; Inside IP addresses: 20.20.0.0]
