9-18
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 9 Configuring Network Address Translation
Using Dynamic NAT and PAT
You can enter a NAT statement for each interface using the same NAT ID; they all use the same global
statement when traffic exits a given interface. For example, you can configure NAT statements for Inside
and DMZ interfaces, both on NAT ID 1. Then you configure a global statement on the Outside interface
that is also on ID 1. Traffic from the Inside interface and the DMZ interface share a NAT pool or a
PAT address when exiting the Outside interface (see Figure 9-9).
Figure 9-9 NAT Statements on Multiple Interfaces
See the following commands for this example:
FWSM/contexta(config)# nat (inside) 1 10.1.2.0 255.255.255.0
FWSM/contexta(config)# nat (dmz) 1 10.1.1.0 255.255.255.0
FWSM/contexta(config)# global (outside) 1 209.165.201.3-209.165.201.10
Web Server:
www.cisco.com
Outside
DMZ
Inside
Global 1: 209.165.201.3-
209.165.201.10
NAT 1: 10.1.2.0/24
NAT 1: 10.1.1.0/24
10.1.1.15
10.1.2.27
104674
Source Addr Translation
209.165.201.310.1.2.27
Source Addr Translation
209.165.201.410.1.1.15
To Next Page
Loading...
Need help?
General