17-29
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 17 Applying NAT
Bypassing NAT
Figure 17-23 shows a typical identity NAT scenario.
Figure 17-23 Identity NAT
Note If you change the NAT configuration, and you do not want to wait for existing translations to time out
before the new NAT information is used, you can clear the translation table using the clear xlate
command. However, clearing the translation table disconnects all current connections that use
translations.
To configure identity NAT, enter the following command:
hostname(config)# nat (real_interface) 0 real_ip [mask [dns] [outside] [norandomseq]
[[tcp] tcp_max_conns [emb_limit]] [udp udp_max_conns]
See the “Configuring Dynamic NAT or PAT” section on page 17-22 for information about the options.
For example, to use identity NAT for the inside 10.1.1.0/24 network, enter the following command:
hostname(config)# nat (inside) 0 10.1.1.0 255.255.255.0
Configuring Static Identity NAT
Static identity NAT translates the real IP address to the same IP address. The translation is always active,
and both “translated” and remote hosts can originate connections. Static identity NAT lets you use
regular NAT or policy NAT. Policy NAT lets you identify the real and destination addresses when
determining the real addresses to translate (see the “Policy NAT” section on page 17-9 for more
209.165.201.1 209.165.201.1
Inside Outside
209.165.201.2 209.165.201.2
130033
Security
Appliance
To Next Page
Loading...
Need help?
General