Table of Contents
Advertisement
Using Dynamic NAT with IP Overload
Dynamic NAT with IP overload can be used when the local network (inside network) will
be initializing the connections using TCP or UDP protocols. It creates a binding at run
time when the packet comes from a local network defined in the NAT dynamic local ACL
pool. The difference between the dynamic NAT and dynamic NAT with PAT is that PAT
uses port (Layer-4) information to do the translation. Hence, each global IP has about 4000
ports that can be translated. NAT on the IA uses the standard BSD range of ports from
1024-4999 which is fixed and cannot be configured by the user. The network administrator
does not have to worry about the way in which the bindings are created; he/she just sets
the pools and the IA automatically chooses a free global IP from the global pool for the
local IP.
Dynamic bindings are removed when the flow count goes to zero or the timeout has been
reached. The removal of bindings frees the port for that global and the port is available for
reuse. When all the ports for that global are used, then ports are assigned from the next
free global. If no more ports and globals are available, the packets will be dropped.
Dynamic NAT with Outside Interface Redundancy
The example in
10.1.1.0/24 to outside addresses 192.50.20.0/24 on interface 192-net and to outside
addresses 201.50.20.0/24 on interface 201-net:
Outbound: Translate source pool 10.1.1.0/24 to global pool 192.50.20.0/24
Translate source pool 10.1.1.0/24 to global pool 201.50.20.0/24
10.1.1.4
IP network 10.1.1.0/24
10.1.1.2
10.1.1.3
Figure 27. Dynamic NAT with Outside Interface Redundancy Example
Internet Appliance User Reference Manual
Chapter 11: Network Address Translation Configuration Guide
Figure 27
configures a dynamic address binding for inside addresses
Router
et.2.2
et.2.1
et.2.3
interface 10-net
(10.1.1.1/24)
interface 192-net
(192.50.20.0/24)
interface 201-net
(201.50.20.0/24)
Global Internet
193
Advertisement
Table of Contents
