EasyManuals Logo

Cisco Catalyst 6500 Series User Manual

Cisco Catalyst 6500 Series
392 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #152 background imageLoading...
Page #152 background image
9-8
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 9 Configuring Network Address Translation
NAT Overview
Policy NAT
Policy NAT lets you identify local traffic for address translation by specifying the source and destination
addresses in an extended ACL. You can also optionally specify the source and destination ports. Regular
NAT can only consider the local addresses.
Note All types of NAT support policy NAT except for NAT exemption. NAT exemption uses an ACL to
identify the local addresses, but differs from policy NAT in that the ports are not considered. See the
“Bypassing NAT” section on page 9-29 for other differences.
With policy NAT, you can create multiple NAT or static statements that identify the same local address
as long as the source/port and destination/port combination is unique for each statement. You can then
match different global addresses to each source/port and destination/port pair.
Figure 9-3 shows a host on the 10.1.2.0/24 network accessing two different servers. When the host
accesses the server at 209.165.201.11, the local address is translated to 209.165.202.129. When the host
accesses the server at 209.165.200.225, the local address is translated to 209.165.202.130 so that the host
appears to be on the same network as the servers, which can help with routing.
Figure 9-3 Policy NAT with Different Destination Addresses
See the following commands for this example:
FWSM/contexta(config)# access-list NET1 permit ip 10.1.2.0 255.255.255.0 209.165.201.0
255.255.255.224
FWSM/contexta(config)# access-list NET2 permit ip 10.1.2.0 255.255.255.0 209.165.200.224
255.255.255.224
FWSM/contexta(config)# nat (inside) 1 access-list NET1
FWSM/contexta(config)# global (outside) 1 209.165.202.129
FWSM/contexta(config)# nat (inside) 2 access-list NET2
FWSM/contexta(config)# global (outside) 2 209.165.202.130
Server 1
209.165.201.11
Server 2
209.165.200.225
FWSM
DMZ
Inside
10.1.2.27
10.1.2.0/24
96845
209.165.201.0/27 209.165.200.224/27
Source Addr Translation
209.165.202.12910.1.2.27
Source Addr Translation
209.165.202.13010.1.2.27
Packet
Dest. Address:
209.165.201.11
Packet
Dest. Address:
209.165.200.225

Table of Contents

Other manuals for Cisco Catalyst 6500 Series

Preview: Command Reference
Command Reference160 pages
Preview: Installation Guide
Installation Guide194 pages
Preview: Configuration Note
Configuration Note212 pages
Preview: Installation Note
Installation Note36 pages
Preview: Hardware Installation Guide
Hardware Installation Guide134 pages
Preview: Troubleshooting
Troubleshooting10 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 6500 Series and is the answer not in the manual?

Cisco Catalyst 6500 Series Specifications

General IconGeneral
BrandCisco
ModelCatalyst 6500 Series
CategorySwitch
LanguageEnglish

Related product manuals