Table of Contents
Advertisement
Chapter 11: Network Address Translation Configuration Guide
The first step is to create the interfaces:
interface create ip 10-net address-netmask 10.1.1.1/24 port et.2.1
interface create ip 192-net address-netmask 192.50.20.0/24 port et.2.2
interface create ip 201-net address-netmask 201.50.20.0/24 port et.2.3
Next, define the interfaces to be NAT inside or outside:
nat set interface 10-net inside
nat set interface 192-net outside
nat set interface 201-net outside
Then, define the NAT dynamic rules by first creating the source ACL pool and then
configuring the dynamic bindings:
acl lcl permit ip 10.1.1.0/24
nat create dynamic local-acl-pool lcl global-pool 192.50.20.0/24 matching-
if 192-net
nat create dynamic local-acl-pool lcl global-pool 210.50.20.0/24 matching-
if 201-net
Using Dynamic NAT with Matching Interface Redundancy
If you have redundant connections to the remote network via two different interfaces, you
can use NAT for translating the local address to the different global pool specified for the
two connections. This case is possible when you have two ISPs connected on two different
interfaces to the Internet. Through a routing protocol, some routes will result in traffic
going out of one interface and for others going out on the other interface. NAT will check
which interface the packet is going out from before selecting a global pool. Hence, you can
specify two different global pools with the same local ACL pool on two different
interfaces.
194
Internet Appliance User Reference Manual
Advertisement
Table of Contents
