Configuring nat examples, Basic one-to-one static nat, Configuring static translation – Enterasys Networks Security Router X-PeditionTM User Manual

Configuring NAT Examples

5-38 Configuring IP

Configuring NAT Examples

Basic One-to-One Static NAT

The following example illustrates inside source address translation on the XSR, as shown in

Figure 5-11

below.

Figure 5-11 NAT Inside Source Translation

1.

The user at 10.1.1.1 opens a connection to host 172.20.2.1.

2.

The first packet the XSR receives from host 10.1.1.1 causes the router to check its NAT table.

–

If a static entry was configured, the XSR proceeds to Step 3.

–

If no translation entry exists, the router decides that 10.1.1.1 must be translated
dynamically, selects a global address from the dynamic address pool, and creates a
translation entry.

3.

The XSR replaces the inside local source address of 10.1.1.1 with the global IP address
200.20.2.1 and forwards the packet.

4.

Host 172.20.2.1 receives the packet and responds to IP address 200.20.2.1.

5.

The XSR receives the packet with the inside global destination IP address 200.20.2.1, it looks in
the table, and translates the destination address to the inside local destination address 10.1.1.1.
Then it forwards the packet to 10.1.1.1.

Configuring Static Translation

Only one command is required to configure NAT because static NAT is interface independent.
Optionally, you can configure multiple entries in the static translation table with the

ip nat

source static

command.

•

XSR(config)#ip nat source static local-ip global-ip

+

Sets the static translation

Internet

Outside

Inside

NAT Table

Private: 10.1.1.1

Global: 200.2.2.1

After Translation

SA: 10.1.1.1

Reply

Request

Reply after

SA: 200.2.2.1

DA: 172.20.2.1

reverse lookup

DA: 172.20.1

SA: 172.20.2.1

DA: 10.1.1.1

SA: 172.20.2.1

DA: 200.2.2.1

172.20.2.1

10.1.1.1

Inside

XSR

interface

External
interface