Configuring Static Identity Nat - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Chapter 17
Configuring NAT
Bypassing NAT
Cisco Security Appliance Command Line Configuration Guide, OL-12172-03, page 17-31

Note: If you change the NAT configuration, and you do not want to wait for existing translations to time out before the new NAT information is used, you can clear the translation table using the clear xlate command. However, clearing the translation table disconnects all current connections that use translations.

To configure identity NAT, enter the following command:
hostname(config)# nat (real_interface) 0 real_ip [mask [dns] [outside] [norandomseq] [[tcp] tcp_max_conns [emb_limit]] [udp udp_max_conns]]
See the "Configuring Dynamic NAT or PAT" section on page 17-23 for information about the options.
For example, to use identity NAT for the inside 10.1.1.0/24 network, enter the following command:
hostname(config)# nat (inside) 0 10.1.1.0 255.255.255.0

Configuring Static Identity NAT

Static identity NAT translates the real IP address to the same IP address. The translation is always active, and both "translated" and remote hosts can originate connections. Static identity NAT lets you use regular NAT or policy NAT. Policy NAT lets you identify the real and destination addresses when determining the real addresses to translate (see the "Policy NAT" section on page 17-10 for more information about policy NAT). For example, you can use policy static identity NAT for an inside address when it accesses the outside interface and the destination is server A, but use a normal translation when accessing the outside server B.

Figure 17-25 shows a typical static identity NAT scenario.

[Figure 17-25: Static Identity NAT. Diagram of the security appliance between the Inside and Outside interfaces; the addresses 209.165.201.1 and 209.165.201.2 appear unchanged on both sides.]

Note: If you remove a static command, existing connections that use the translation are not affected. To remove these connections, enter the clear local-host command. You cannot clear static translations from the translation table with the clear xlate command; you must remove the static command instead. Only dynamic translations created by the nat and global commands can be removed with the clear xlate command.

To configure static identity NAT, enter one of the following commands:
To configure policy static identity NAT, enter the following command:
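The following audit sketch is an added example, not part of the Cisco manual: it reads a saved configuration, separates identity NAT (NAT ID 0) from static identity NAT, and lists for each rule the flush procedure the notes above describe. The sample configuration is constructed, the function names are hypothetical, and the `static (real_interface,mapped_interface) mapped_ip real_ip netmask mask` form it matches is assumed from the PIX command syntax because the command itself is cut off on this page; only rules with an explicit mask are handled.

```python
import ipaddress
import re

# Constructed sample configuration (not from the manual page).
SAMPLE_CONFIG = """\
nat (inside) 0 10.1.1.0 255.255.255.0
nat (inside) 1 10.1.2.0 255.255.255.0
global (outside) 1 209.165.201.10
static (inside,outside) 209.165.201.1 209.165.201.1 netmask 255.255.255.255
static (inside,outside) 209.165.201.5 10.1.1.7 netmask 255.255.255.255
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# nat (real_interface) nat_id real_ip mask
NAT_RE = re.compile(rf"^nat \((\S+)\) (\d+) {IP} {IP}")
# Assumed form: static (real_if,mapped_if) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(rf"^static \(([^,\s]+),([^)\s]+)\) {IP} {IP} netmask {IP}")


def audit_identity_nat(config):
    """Return one finding per identity NAT rule found in the config text."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        nat = NAT_RE.match(line)
        static = STATIC_RE.match(line)
        if nat and nat.group(2) == "0":
            # NAT ID 0: dynamic identity translation created by the nat
            # command, so clear xlate removes it.
            net = ipaddress.ip_network(f"{nat.group(3)}/{nat.group(4)}", strict=False)
            findings.append({"kind": "identity", "network": str(net),
                             "remote_can_originate": False,
                             "flush": ["clear xlate"]})
        elif static and static.group(3) == static.group(4):
            # Mapped address equals real address: static identity NAT, always
            # active; clear xlate does not remove it.
            net = ipaddress.ip_network(f"{static.group(4)}/{static.group(5)}", strict=False)
            findings.append({"kind": "static-identity", "network": str(net),
                             "remote_can_originate": True,
                             "flush": ["no " + line, "clear local-host"]})
    return findings


def inbound_reachable(findings):
    """Networks where remote hosts can open connections, subject to access lists."""
    return [f["network"] for f in findings if f["remote_can_originate"]]
```

Reviewing the `inbound_reachable` output against the interface access lists shows which always-active identity translations are actually exposed to remote hosts.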


This manual is also suitable for:

Asa 5500 series
