Cisco Catalyst 6500 Series User Manual

9-30
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 9 Configuring Network Address Translation
Bypassing NAT
See the “Configuring NAT or PAT” section on page 9-23 for information about the options.
For example, to use identity NAT for the inside 10.1.1.0/24 network, enter the following command:
FWSM/contexta(config)# nat (inside) 0 10.1.1.0 255.255.255.0
Configuring Static Identity NAT
Static identity NAT translates the local IP address to the same IP address, and allows both local and
global traffic to originate connections. Static identity NAT lets you use regular NAT or policy NAT.
Policy NAT allows you to identify the local and destination addresses when determining the local traffic
to translate (see the “Policy NAT” section on page 9-8 for more information about policy NAT). For
example, you can use policy static identity NAT for an inside address when it accesses the outside
interface and the destination is server A, but use a normal translation when accessing the outside
server B.
Figure 9-19 shows a typical static identity NAT scenario.
Figure 9-19 Static Identity NAT
Note: If you change the NAT configuration, and you do not want to wait for existing translations to time out
before the new NAT information is used, you can clear the translation table using the clear xlate
command. However, clearing the translation table disconnects all current connections.
To configure static identity NAT, enter one of the following commands:
To configure policy static identity NAT, enter the following command:
FWSM/contexta(config)# static (local_interface,global_interface) local_ip access-list acl_id [dns] [norandomseq] [[tcp] tcp_max_conns [emb_limit]] [udp udp_max_conns]
Create the ACL using the access-list command (see the “Adding an Extended Access Control List”
section on page 10-13). This ACL should include only permit access control entries (ACEs). Make
sure the source address in the ACL matches the first local_ip in this command. See the “Policy NAT”
section on page 9-8 for more information.
See the “Configuring NAT or PAT” section on page 9-23 for information about the other options.
To configure regular static identity NAT, enter the following command:
FWSM/contexta(config)# static (local_interface,global_interface) local_ip local_ip [netmask mask] [dns] [norandomseq] [[tcp] tcp_max_conns [emb_limit]] [udp udp_max_conns]
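The two requirements stated above for the policy static ACL (permit ACEs only, source address matching local_ip) can be checked mechanically before a configuration is applied. The following Python audit is an added example, not part of the Cisco guide; the sample configuration, the ACL names and the simplified ACE parsing (no source port operators or object groups, masks not compared) are assumptions.

```python
import re

# Constructed sample configuration (addresses and ACL names are made up).
SAMPLE = """\
access-list NET1 extended permit ip host 10.1.1.3 209.165.200.224 255.255.255.224
access-list NET2 extended permit ip 10.1.2.0 255.255.255.0 any
access-list NET2 extended deny ip 10.1.2.0 255.255.255.0 host 209.165.201.5
access-list NET3 extended permit ip host 10.1.1.9 any
static (inside,outside) 10.1.1.3 access-list NET1
static (inside,outside) 10.1.2.0 access-list NET2
static (inside,outside) 10.1.1.7 access-list NET3
static (inside,outside) 10.1.1.8 access-list NET4
static (inside,outside) 10.1.1.5 10.1.1.5 netmask 255.255.255.255
"""

# Assumed simplified ACE shape: access-list ID [extended] ACTION PROTO [host] SRC ...
ACE = re.compile(r"^access-list\s+(\S+)\s+(?:extended\s+)?(permit|deny)\s+\S+\s+(?:host\s+)?(\S+)")
POLICY = re.compile(r"^static\s+\(\S+?,\S+?\)\s+(\S+)\s+access-list\s+(\S+)")


def audit_policy_statics(config):
    """Return (line, problem) pairs for policy static identity NAT statements."""
    lines = [l.strip() for l in config.splitlines()]
    acls = {}  # acl_id -> list of (action, source address)
    for line in lines:
        m = ACE.match(line)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    findings = []
    for line in lines:
        m = POLICY.match(line)
        if not m:
            continue  # regular static or an unrelated line
        local_ip, acl_id = m.groups()
        aces = acls.get(acl_id)
        if aces is None:
            findings.append((line, f"ACL {acl_id} is not defined"))
            continue
        if any(action != "permit" for action, _ in aces):
            findings.append((line, f"ACL {acl_id} contains a deny ACE"))
        if any(src != local_ip for _, src in aces):
            findings.append((line, f"ACL {acl_id} source does not match {local_ip}"))
    return findings


if __name__ == "__main__":
    for line, problem in audit_policy_statics(SAMPLE):
        print(f"{problem}: {line}")
```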
Figure 9-19 labels: Inside 209.165.201.1 and 209.165.201.2; FWSM; Outside 209.165.201.1 and 209.165.201.2.
