9-19
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 9 Configuring Network Address Translation
Using Dynamic NAT and PAT
You can also enter a global statement for each interface using the same NAT ID. If you enter a global
statement for the Outside and DMZ interfaces on ID 1, then the Inside NAT statement identifies traffic
to be translated when going to both the Outside and the DMZ interfaces. Similarly, if you also enter a
NAT statement for the DMZ interface on ID 1, then the global statement on the Outside interface is also
used for DMZ traffic. (See Figure 9-10).
Figure 9-10 Global and NAT Statements on Multiple Interfaces
See the following commands for this example:
FWSM/contexta(config)# nat (inside) 1 10.1.2.0 255.255.255.0
FWSM/contexta(config)# nat (dmz) 1 10.1.1.0 255.255.255.0
FWSM/contexta(config)# global (outside) 1 209.165.201.3-209.165.201.10
FWSM/contexta(config)# global (dmz) 1 10.1.1.23
Web Server:
www.cisco.com
Outside
DMZ
Inside
Global 1: 209.165.201.3-
209.165.201.10
NAT 1: 10.1.2.0/24
NAT 1: 10.1.1.0/24
Global 1: 10.1.1.23
10.1.1.15
10.1.2.27
104670
Source Addr Translation
209.165.201.310.1.2.27
Source Addr Translation
209.165.201.410.1.1.15
Source Addr Translation
10.1.1.23:202410.1.2.27
To Next Page
Loading...
Need help?
General