Network Address and Port Translation, Configuring NAPT – Enterasys Networks Security Router X-Pedition™ User Manual

Page 142: Configuring NAPT


Configuring NAT Examples

5-40 Configuring IP

3. Optional. Add an ACL to permit NAT traffic from the 10.1.1.0 network. All other traffic is implicitly denied.

XSR(config)#access-list 57 permit 10.1.1.0 0.0.0.255

4. Optional. Reset the default NAT timeout interval to 5 minutes:

XSR(config)#ip nat translation timeout timeout 300

5. Enable an interface; F1, for example:

XSR(config)#interface fastethernet 1

6. Bind the interface and optional ACL to the NAT pool:

XSR(config-if<F1>)#ip nat source list 57 pool NATpool

7. Optional. Enable a second interface, F2, to use the same NAT pool:

XSR(config)#interface fastethernet 2

8. Optional. Bind the second interface to NATpool:

XSR(config-if<F2>)#ip nat source pool NATpool

Note that no ACL is associated with NATpool. Alternatively, you can create a second NAT pool
which will share addresses with the first configured NAT pool.

Network Address and Port Translation

This example sets up inside source address translation with overload (NAPT) on the XSR (Figure 5-13).

Figure 5-13 NAT Inside Source Translation with Overload (NAPT).

Configuring NAPT

Inside source address translation with overload, as shown in Figure 5-13, is configured as follows:

1. The user at address 10.1.1.1 opens a connection to host address 172.20.2.1.

2. The first packet that the XSR receives from 10.1.1.1 prompts a check of the NAPT table. If no translation entry exists and the address 10.1.1.1 must be translated, the XSR sets up a translation entry. So the router replaces the inside local address 10.1.1.1 with the external address 200.20.2.1, replaces the source port with 40450, and forwards the packet.

[Figure 5-13, image not reproduced. Labels: Inside, Outside, Internet, XSR, Internal interface, External interface (NAT applied to this interface), 200.20.2.1. Addresses shown: 10.1.1.1, 172.20.2.1, 172.20.2.2.]

Packets shown in the figure:

Request                      SA: 10.1.1.1     DA: 172.20.2.1
After Translation            SA: 200.2.2.1    DA: 172.20.2.1
Reply                        SA: 172.20.2.1   DA: 200.2.2.1
Reply after reverse lookup   SA: 172.20.2.1   DA: 10.1.1.1

NAPT Table

Protocol   Inside local IP addr:port   Inside global IP addr:port   Outside global IP addr:port
TCP        10.1.1.1:1729               200.2.2.1:40450              172.2.20.2:23
TCP        10.1.1.1:1780               200.2.2.1:40460              172.2.21.2:23
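
The table check in step 2 and the reverse lookup for replies can be modelled as follows. This is an added example, not code from the manual or from Enterasys: it reuses ACL 57, the 300-second timeout and step 2's external address and port from this page, while the NaptTable class, the port step of 10 (read off the NAPT table's two entries) and refreshing the timeout on every packet are assumptions.

```python
import ipaddress

# From the page: ACL 57 (10.1.1.0 0.0.0.255), 300 s timeout, step 2's external
# address and first port. PORT_STEP and the idle-timer behaviour are assumptions.
ACL_NET, ACL_WILDCARD = "10.1.1.0", "0.0.0.255"
GLOBAL_IP, FIRST_PORT, PORT_STEP, TIMEOUT = "200.20.2.1", 40450, 10, 300

def _ip(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_permits(src):
    """Wildcard-mask match: bits set in the wildcard are 'don't care'."""
    care = ~_ip(ACL_WILDCARD) & 0xFFFFFFFF
    return (_ip(src) & care) == (_ip(ACL_NET) & care)

class NaptTable:  # hypothetical model, not the XSR implementation
    def __init__(self):
        self.out = {}    # (proto, inside ip, inside port, dst ip, dst port) -> global port
        self.back = {}   # (proto, global port, dst ip, dst port) -> [inside ip, port, last seen]
        self.next_port = FIRST_PORT

    def expire(self, now):
        """Drop entries idle for TIMEOUT seconds or more."""
        for k, (ip, port, seen) in list(self.back.items()):
            if now - seen >= TIMEOUT:
                del self.back[k]
                del self.out[(k[0], ip, port, k[2], k[3])]

    def outbound(self, proto, src, sport, dst, dport, now):
        """Translate an inside packet; None means the implicit deny dropped it."""
        if not acl_permits(src):
            return None
        self.expire(now)
        key = (proto, src, sport, dst, dport)
        if key not in self.out:                  # no entry yet: set one up
            self.out[key] = self.next_port
            self.back[(proto, self.next_port, dst, dport)] = [src, sport, now]
            self.next_port += PORT_STEP
        gport = self.out[key]
        self.back[(proto, gport, dst, dport)][2] = now
        return (GLOBAL_IP, gport, dst, dport)

    def inbound(self, proto, src, sport, dport, now):
        """Reverse lookup for a packet addressed to GLOBAL_IP:dport."""
        self.expire(now)
        entry = self.back.get((proto, dport, src, sport))
        if entry is None:                        # unsolicited or expired: no mapping
            return None
        entry[2] = now
        return (src, sport, entry[0], entry[1])
```

In this model an inbound packet is delivered only when it matches an unexpired entry created by inside traffic, so a packet from a host the inside user never contacted returns None.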
