9-22
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 9 Configuring Network Address Translation
Using Dynamic NAT and PAT
NAT ID (see Figure 9-13). Note that for outside NAT (DMZ interface to Inside interface), the inside host
uses a static NAT statement to allow outside access, so both the source and destination addresses are
translated.
Figure 9-13 Outside NAT and Inside NAT Combined
See the following commands for this example:
FWSM/contexta(config)# nat (dmz) 1 10.1.1.0 255.255.255.0 outside
FWSM/contexta(config)# nat (dmz) 1 10.1.1.0 255.255.255.0
FWSM/contexta(config)# static (inside,dmz) 10.1.2.27 10.1.1.5 netmask 255.255.255.255
FWSM/contexta(config)# global (outside) 1 209.165.201.3-209.165.201.4
FWSM/contexta(config)# global (inside) 1 10.1.2.30-1-10.1.2.40
Outside
DMZ
Inside
Global 1: 209.165.201.3-
209.165.201.10
Global 1: 10.1.2.30-
10.1.2.40
Static to DMZ: 10.1.2.27 10.1.1.5
Outside NAT 1: 10.1.1.0/24
NAT 1: 10.1.1.0/24
10.1.1.15
10.1.2.27
Source Addr Translation
209.165.201.410.1.1.15
Source Addr Translation
10.1.2.3010.1.1.15
Dest. Addr Translation
10.1.2.2710.1.1.5
114998
To Next Page
Loading...
