Using Static Pat - Cisco Catalyst 6500 Series Configuration Manual
Catalyst 6500 series switch and
cisco 7600 series router firewall services
Hide thumbs
Also See for Catalyst 6500 Series:
- Software configuration manual (570 pages) ,
- Configuration note (212 pages) ,
- Installation manual (194 pages)
Table of Contents
Advertisement
Chapter 9
Configuring Network Address Translation
For example, the following policy static NAT example shows a single local address that is translated to
two global addresses depending on the destination address (see
graphic):
FWSM/contexta(config)# access-list NET1 permit ip host 10.1.2.27 209.165.201.0
255.255.255.224
FWSM/contexta(config)# access-list NET2 permit ip host 10.1.2.27 209.165.200.224
255.255.255.224
FWSM/contexta(config)# static (inside,outside) 209.165.202.129 access-list NET1
FWSM/contexta(config)# static (inside,outside) 209.165.202.130 access-list NET2
The following command maps an inside IP address (10.1.1.3) to an outside IP address (209.165.201.12):
FWSM/contexta(config)# static (inside,outside) 209.165.201.12 10.1.1.3 netmask
255.255.255.255
The following command maps the outside address (209.165.201.15) to an inside address (10.1.1.6):
FWSM/contexta(config)# static (outside,inside) 10.1.1.6 209.165.201.15 netmask
255.255.255.255
The following command statically maps an entire subnet:
FWSM/contexta(config)# static (inside,dmz) 10.1.1.0 10.1.2.0 netmask 255.255.255.0
Using Static PAT
This section tells how to configure a static port translation. Static PAT lets you translate the local IP
address to a global IP address, as well as the local port to a global port. You can choose to translate the
same port, which lets you translate specific types of traffic, or you can take it further by translating to a
different port.
Figure 9-17
and the global address and port is statically assigned.
Figure 9-17 Static PAT
10.1.1.2:8080
You cannot use the same local or global address in multiple static statements between the same two
interfaces. Do not use an address that is also defined as a dynamic PAT address in a global statement.
For more information about static PAT, see the
If you change the NAT configuration, and you do not want to wait for existing translations to time out
Note
before the new NAT information is used, you can clear the translation table using the clear xlate
command. However, clearing the translation table disconnects all current connections.
OL-6392-01
shows a typical static PAT scenario. Both local and global traffic can originate connections,
FWSM
10.1.1.1:23
Inside
Outside
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
209.165.201.1:23
209.165.201.2:80
"Static PAT" section on page
Using Static PAT
Figure 9-3 on page 9-8
for a related
9-5.
9-27
Advertisement
Table of Contents
Troubleshooting
