Dynamic pool configuration, Configuring dynamic pool translation, Dynamic pool configuration -39 – Enterasys Networks Security Router X-PeditionTM User Manual


Configuring NAT Examples

XSR User’s Guide 5-39

Dynamic Pool Configuration

The following example illustrates dynamic pool translation on the XSR, as shown in Figure 5-12.

Figure 5-12 Dynamic Pool Translation

Configuring Dynamic Pool Translation

Dynamic pool translation, as shown in Figure 5-12, is performed through the following process:

1. The user at address 10.1.1.1 opens a connection to address 172.21.2.1.

2. The first packet that the XSR receives from address 10.1.1.1 forces a NAT Pool table check. If
no dynamic pool entry exists, and address 10.1.1.1 must be translated, then the XSR adds a
pool entry. The router replaces the inside local address 10.1.1.1 with the inside global address
200.2.2.1, and forwards the packet. Any other connections originating from address 10.1.1.1
will use address 200.2.2.1 as the global address.

3. Host address 172.21.2.1 receives the packet, and responds to address 10.1.1.1 by using the
inside global address 200.2.2.1.

4. When the XSR receives the packet, it searches its NAT Pool table, using address 200.2.2.1,
translates the address to inside local address 10.1.1.1, and forwards it to address 10.1.1.1.

5. The same process applies to the connection originating from address 10.1.1.2, but a different
global IP address is used.
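
The five steps above, modelled as an added Python example (not code from the XSR or the User's Guide). The class name, the two-address pool starting at 200.2.2.1, the absence of entry timeouts, and the drop behaviour on pool exhaustion or on a missing entry are assumptions of this model, chosen to match the walkthrough and to show what happens at the edges of the pool.

```python
import ipaddress


class DynamicPoolNat:
    """Hypothetical model of one-to-one dynamic pool NAT (addresses only, no ports)."""

    def __init__(self, first_global, size):
        start = ipaddress.IPv4Address(first_global)
        self.free = [str(start + i) for i in range(size)]  # unallocated globals
        self.local_to_global = {}  # inside local  -> inside global
        self.global_to_local = {}  # inside global -> inside local

    def outbound(self, src, dst):
        """Step 2: check the pool table, add an entry if needed, rewrite SA."""
        if src not in self.local_to_global:
            if not self.free:
                return None  # assumption: exhausted pool means no translation
            inside_global = self.free.pop(0)
            self.local_to_global[src] = inside_global
            self.global_to_local[inside_global] = src
        return (self.local_to_global[src], dst)

    def inbound(self, src, dst):
        """Step 4: reverse lookup on the inside global address, rewrite DA."""
        local = self.global_to_local.get(dst)
        if local is None:
            return None  # assumption: no pool entry for this global, drop
        return (src, local)


def walkthrough():
    """Replay the figure's packets against a constructed two-address pool."""
    nat = DynamicPoolNat("200.2.2.1", size=2)
    return {
        "packet1_out": nat.outbound("10.1.1.1", "172.21.2.1"),
        "packet1_reply": nat.inbound("172.21.2.1", "200.2.2.1"),
        "packet2_out": nat.outbound("10.1.1.2", "172.21.2.2"),
        "reuse": nat.outbound("10.1.1.1", "172.21.2.2"),       # same global again
        "exhausted": nat.outbound("10.1.1.3", "172.21.2.1"),   # third host, no address left
        "unsolicited": nat.inbound("172.21.2.1", "200.2.2.9"), # global never allocated
        "table": dict(nat.local_to_global),
    }


if __name__ == "__main__":
    for name, result in walkthrough().items():
        print(f"{name}: {result}")
```

Because each inside host holds a whole global address, the pool size bounds the number of inside hosts that can be translated at once, which is worth checking against the exclusions configured on the pool.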

Now enter the commands below to set dynamic pool translation. Note some steps are optional.

1. Create local IP pool NATpool with excluded IP addresses (optional) and quit Local Pool mode:

XSR(config)#ip local pool NATpool 200.2.2.0 255.255.255.0
XSR(ip-local-pool)#exclude 200.2.2.1 8
XSR(ip-local-pool)#exclude 200.2.2.21 233
XSR(ip-local-pool)#exit

2. Register the global NAT pool:

XSR(config)#ip nat pool NATpool

[Figure 5-12 diagram: inside hosts 10.1.1.1 and 10.1.1.2, the XSR with its internal and external interfaces, and outside hosts 172.21.2.1 and 172.21.2.2 across the Internet. NAT table after packet 1: 10.1.1.1 -> 200.2.2.1. NAT table after packet 2: 10.1.1.1 -> 200.2.2.1, 10.1.1.2 -> 200.2.2.2.]
