Configuring napt, Multiple nat pools within an interface, Configuring napt -41 – Enterasys Networks Security Router X-PeditionTM User Manual

Page 143: Multiple nat pools within an interface -41


Configuring NAT Examples

XSR User’s Guide 5-41

3. Host 172.20.2.1 receives the packet and responds to address 200.2.2.1.

4. When the XSR receives the packet, it searches the NAPT table, using the protocol, global
address and port, and translates the address to the inside local address 10.1.1.1 and
destination port 1789, then forwards it to address 10.1.1.1.

Configuring NAPT

Enter the following commands to configure overloading of inside global addresses. This example
configures an optional access list to permit specified traffic. All other traffic is implicitly denied.

XSR(config)#interface serial 1/0
+ Configures serial port and acquires Interface mode

XSR(config-if<S1/0>)#ip nat source list 99 assigned overload
+ Specifies NAT translation rules on the interface

XSR(config)#access-list 99 permit ip 10.1.1.0 0.0.0.255
+ Adds ACL to permit IP traffic from the specified source

Multiple NAT Pools within an Interface

This scenario describes two NAT pools within interface F2. As shown in Figure 5-14, the pools are
assigned to external port F2. One is used for packets sent to the 172.20.2.0 network and the other
for the 164.17.2.0 network. Based on the ACL, outbound packets would use one of the two pools.
Note that the same internal host can have mappings in both pools since it could send packets to
both destinations. Packets that do not match either ACL will be sent un-NATted.

Optionally, NAPT permits packets not matching either of the pool ACLs to pass through NAPT.

Figure 5-14 Multiple NAT Pools within Interface

Multiple NAT pooling proceeds as follows:

1. The user at 10.1.1.1 opens a connection to host 172.20.2.1.

[Figure 5-14 diagram: inside hosts 10.1.1.1 and 10.1.1.2 on the internal interface, the XSR with its NAT table (inside local and inside global IP addresses), and external interface F2 toward the Internet, with request and reply packets shown before and after translation.]
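The reply lookup in step 4 of the NAPT walkthrough and the ACL-based pool selection described above, modeled in Python as an added example (not code from the XSR manual or its firmware). The /24 destination wildcards, the global address assigned to each pool, and the sequential global port allocation are assumptions made for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """ACL wildcard match: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# Source ACL from the page: access-list 99 permit ip 10.1.1.0 0.0.0.255
INSIDE_ACL = ("10.1.1.0", "0.0.0.255")
# Destination networks from the two-pool scenario. The /24 wildcards and the
# global address assigned to each pool are assumptions for illustration.
POOLS = [
    {"dst": ("172.20.2.0", "0.0.0.255"), "global": "200.2.2.1"},
    {"dst": ("164.17.2.0", "0.0.0.255"), "global": "201.2.2.1"},
]

class Napt:
    def __init__(self, first_port=1024):  # port allocation scheme is assumed
        self.table = {}    # (proto, global ip, global port) -> (inside ip, port)
        self.flows = {}    # (proto, inside ip, port, global ip) -> global port
        self.next_port = first_port

    def outbound(self, proto, src, sport, dst):
        """Return the (source, port) the packet leaves with."""
        if wildcard_match(src, *INSIDE_ACL):
            for pool in POOLS:
                if wildcard_match(dst, *pool["dst"]):
                    return self._translate(proto, src, sport, pool["global"])
        return (src, sport)  # matches no pool ACL: sent un-NATted

    def _translate(self, proto, src, sport, global_ip):
        flow = (proto, src, sport, global_ip)
        if flow not in self.flows:  # first packet of the flow creates the entry
            self.flows[flow] = self.next_port
            self.table[(proto, global_ip, self.next_port)] = (src, sport)
            self.next_port += 1
        return (global_ip, self.flows[flow])

    def inbound(self, proto, dst, dport):
        """Reply path: look up protocol, global address and port.
        Returns the inside local (address, port), or None if no entry exists."""
        return self.table.get((proto, dst, dport))

if __name__ == "__main__":
    napt = Napt()
    print(napt.outbound("tcp", "10.1.1.1", 1789, "172.20.2.1"))
    print(napt.outbound("tcp", "10.1.1.1", 1789, "164.17.2.1"))
    print(napt.inbound("tcp", "200.2.2.1", 1024))
    print(napt.inbound("tcp", "200.2.2.1", 4444))
```

The fall-through branch in outbound() is the case to audit in a real rule set: traffic matching neither pool ACL leaves with its inside local source address intact.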
