NAT port forwarding, Configuring policy based routing example – Enterasys Networks Security Router X-Pedition™ User Manual


5-44 Configuring IP

+ The above optional NAPT commands use ACL 101 for the 200.2.2.0 network and ACL 102 for the 201.2.2.0 network

XSR(config-if<F2>)#ip nat source intf-static 10.1.1.1 203.2.2.1

+ The above optional command statically NATs packets from 10.1.1.1 to 203.2.2.1

NAT Port Forwarding

This scenario, as shown in Figure 5-16, illustrates NAT port forwarding. The connection is
initiated by the PC at 172.20.2.1 to port 4003 on 200.2.2.1. The XSR’s static NAT table is first
checked for mappings. An entry is found for 200.2.2.1 (which happens to be the interface IP
address, although that is not required) with port 4003, mapping it to the PC at 10.1.1.1:23. The
packet is then translated and forwarded to 10.1.1.1, destined for port 23.

The reply packet from the Telnet server once again passes to the static NAT at interface F2 and is
forwarded to 172.20.2.1 as being from 200.2.2.1:4003.

Figure 5-16 NAT Port Forwarding

Enter the following commands to enable NAT Port Forwarding:

XSR(config)#interface fastethernet2
XSR(config-if<F2>)#ip address 200.2.2.1/24
XSR(config-if<F2>)#ip nat source intf-static tcp 10.1.1.1 23 200.2.2.1 4003
XSR(config-if<F2>)#ip nat source assigned overload
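
The lookup and rewrite described above can be modelled in a few lines. This is an added example, not code from the manual or from Enterasys: it parses only the intf-static tcp form shown on this page and replays the request and reply. The function names and the client source port 40000 are assumptions made for the illustration.

```python
import re
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

# Commands copied from this page's NAT port forwarding example.
XSR_CONFIG = """\
XSR(config)#interface fastethernet2
XSR(config-if<F2>)#ip address 200.2.2.1/24
XSR(config-if<F2>)#ip nat source intf-static tcp 10.1.1.1 23 200.2.2.1 4003
XSR(config-if<F2>)#ip nat source assigned overload
"""

# Only the form shown on the page is parsed:
#   ip nat source intf-static tcp <inside-local> <port> <inside-global> <port>
RULE_RE = re.compile(
    r"ip nat source intf-static (tcp) (\S+) (\d+) (\S+) (\d+)\s*$")

def parse_static_rules(config: str) -> dict:
    """Return {(proto, global_ip, global_port): (local_ip, local_port)}."""
    table = {}
    for line in config.splitlines():
        m = RULE_RE.search(line)
        if m:
            proto, l_ip, l_port, g_ip, g_port = m.groups()
            table[(proto, g_ip, int(g_port))] = (l_ip, int(l_port))
    return table

def translate_request(table: dict, proto: str, pkt: Packet) -> Optional[Packet]:
    """Outside to inside: rewrite the destination if a static entry matches.
    None means no static mapping; what the router does next is not modelled."""
    hit = table.get((proto, pkt.dst_ip, pkt.dst_port))
    return pkt._replace(dst_ip=hit[0], dst_port=hit[1]) if hit else None

def translate_reply(table: dict, proto: str, pkt: Packet) -> Optional[Packet]:
    """Inside to outside: restore the global address and port as the source."""
    for (p, g_ip, g_port), local in table.items():
        if p == proto and local == (pkt.src_ip, pkt.src_port):
            return pkt._replace(src_ip=g_ip, src_port=g_port)
    return None

if __name__ == "__main__":
    nat = parse_static_rules(XSR_CONFIG)
    syn = Packet("172.20.2.1", 40000, "200.2.2.1", 4003)  # 40000: constructed client port
    fwd = translate_request(nat, "tcp", syn)
    print(fwd)
    print(translate_reply(nat, "tcp", Packet(fwd.dst_ip, fwd.dst_port, fwd.src_ip, fwd.src_port)))
```

The parsed table doubles as an inventory of what a configuration exposes: each key is an outside address and port that reaches the inside host and port in its value.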

Configuring Policy Based Routing Example

The following example configures PBR to forward to a next-hop router:

XSR(config)#access-list 101 permit ip 10.10.10.0 0.0.0.255 192.168.5.0 0.0.0.255

The commands below configure GigabitEthernet interface 1 with an IP address, and enable PBR
with the ip policy command:

XSR(config)#interface GigabitEthernet 1
XSR(config-if<G1>)#ip address 192.168.5.1 255.255.255.0

[Figure 5-16 NAT Port Forwarding. Labels: Internet (Outside), host 172.20.2.1; XSR external interface F2 and internal interface (Inside); inside hosts 10.1.1.1 (runs Telnet server at port 23) and 10.1.1.2. Request (Telnet SYN packet): SA 172.20.2.1, DA 200.2.2.1:4003, translated to DA 10.1.1.1. Reply: SA 200.2.2.1, DA 172.20.2.1. NAT table: protocol TCP, inside local IP address 10.1.1.1:23, inside global IP address 200.2.2.1:4003.]
