Cisco Catalyst 6500 Series User Manual

Cisco Catalyst 6500 Series
392 pages
9-6
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 9 Configuring Network Address Translation
NAT Overview
For example, if you want to provide a single address for global users to access FTP, HTTP, and SMTP,
but these are all actually different servers on the local network, you can specify static PAT statements
for each server that uses the same global IP address, but different ports (see Figure 9-2).
Figure 9-2 Static PAT
See the following commands for this example:
FWSM/contexta(config)# static (inside,outside) tcp 209.165.201.3 ftp 10.1.2.27 ftp netmask 255.255.255.255
FWSM/contexta(config)# static (inside,outside) tcp 209.165.201.3 http 10.1.2.28 http netmask 255.255.255.255
FWSM/contexta(config)# static (inside,outside) tcp 209.165.201.3 smtp 10.1.2.29 smtp netmask 255.255.255.255
If the application used by the server requires an inspection engine to allow data channels on other ports,
such as FTP, then the server needs translation for other ports. Other protocols that require inspection
engines for data channels include TFTP, RTSP, and Skinny. See Chapter 13, “Configuring Application
Protocol Inspection,” for a complete list of protocols that require inspection engines. For example, add
the following line to the above configuration to translate all other ports from the FTP server at 10.1.2.27:
FWSM/contexta(config)# nat (inside) 1 10.1.2.27 255.255.255.255
FWSM/contexta(config)# global (outside) 1 209.165.201.3
The above configuration also allows the FTP server to initiate connections, if desired.
You can also use static PAT to translate a well-known port to a non-standard port or vice versa. For
example, if your inside web servers use port 8080, you can allow outside users to connect to port 80, and
then translate them to the 8080 port. Similarly, if you want to provide extra security, you can tell your
web users to connect to non-standard port 6785, and then translate them to port 80 on the local network.
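The following is an added example, not part of the Cisco guide: a small Python audit that parses static PAT statements in the form shown above, builds the global-to-local translation table, and reports global address/port pairs claimed by more than one statement as well as port remaps such as 80 to 8080. The function names, the address 209.165.201.4, and the hosts 10.1.2.30 and 10.1.2.31 are constructed for illustration.

```python
import re
from collections import defaultdict

# Port keywords used on this page; Figure 9-2 gives their numbers (21, 80, 25).
PORT_NAMES = {"ftp": 21, "http": 80, "smtp": 25}

STATIC_RE = re.compile(
    r"static\s+\((?P<real_if>\w+),(?P<mapped_if>\w+)\)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<g_ip>\S+)\s+(?P<g_port>\S+)\s+(?P<l_ip>\S+)\s+(?P<l_port>\S+)"
)

def port(tok):
    """Resolve a port keyword or a decimal string to an int."""
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)

def parse_static_pat(config):
    """Return one dict per static PAT statement found in the config text."""
    rules = []
    for line in config.splitlines():
        m = STATIC_RE.search(line)
        if m:
            rules.append({"proto": m["proto"],
                          "global": (m["g_ip"], port(m["g_port"])),
                          "local": (m["l_ip"], port(m["l_port"]))})
    return rules

def audit(rules):
    """Return (conflicts, remaps): duplicate global claims and port changes."""
    seen = defaultdict(list)
    for r in rules:
        seen[(r["proto"],) + r["global"]].append(r["local"])
    conflicts = {k: v for k, v in seen.items() if len(v) > 1}
    remaps = [r for r in rules if r["global"][1] != r["local"][1]]
    return conflicts, remaps

# Constructed sample: the page's three statements plus two hypothetical lines
# (a port 80 -> 8080 remap and a second claim on 209.165.201.3:25).
SAMPLE = """\
FWSM/contexta(config)# static (inside,outside) tcp 209.165.201.3 ftp 10.1.2.27 ftp netmask 255.255.255.255
FWSM/contexta(config)# static (inside,outside) tcp 209.165.201.3 http 10.1.2.28 http netmask 255.255.255.255
FWSM/contexta(config)# static (inside,outside) tcp 209.165.201.3 smtp 10.1.2.29 smtp netmask 255.255.255.255
FWSM/contexta(config)# static (inside,outside) tcp 209.165.201.4 80 10.1.2.30 8080 netmask 255.255.255.255
FWSM/contexta(config)# static (inside,outside) tcp 209.165.201.3 smtp 10.1.2.31 smtp netmask 255.255.255.255
"""

if __name__ == "__main__":
    conflicts, remaps = audit(parse_static_pat(SAMPLE))
    print("conflicting global mappings:", conflicts)
    print("port remaps:", remaps)
```

Running the audit over a proposed rule set before it is applied gives a reviewable list of every inside service the static PAT statements expose on the outside address.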
[Figure 9-2 Static PAT: a host on the outside connects to 209.165.201.3; destination address translation maps 209.165.201.3:21 to the FTP server 10.1.2.27, 209.165.201.3:80 to the HTTP server 10.1.2.28, and 209.165.201.3:25 to the SMTP server 10.1.2.29 on the inside.]
