Chapter 7: Configuring Network Address Translation
Using 1-to-1 NAT
1-to-1 NAT uses a global NAT policy that rewrites and redirects packets sent to one range of addresses to a completely different range of addresses. This address conversion works in both directions. You can configure any number of 1-to-1 NAT addresses.
A common reason to use 1-to-1 NAT is to map public IP addresses to internal servers without needing to renumber those servers. 1-to-1 NAT is also used for VPNs in which the remote network's IP addressing scheme conflicts with the local scheme. By translating the local network to a range that is not in conflict with the other end, both sides can communicate. For more information on 1-to-1 NAT, see the following FAQ:
https://support.watchguard.com/advancedfaqs/nat_onetoone.asp
Each NAT policy contains four configurable pieces of information:
• The interface (External, Trusted, Optional, IPSec)
• The public IP address
• The internal IP address
• The number of hosts to remap
The NAT base plus the range defines the NAT region, while the real base plus the range defines the hidden or forwarded region.
For instance, the following policy:
210.199.6.0–192.168.69.0:255 (NAT base to real base range)
means that all traffic addressed to hosts between 210.199.6.0 and 210.199.6.255 is forwarded to the corresponding IP address between 192.168.69.0 and 192.168.69.255.
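The mapping in the policy above can be checked offline with the following sketch, which is an added example and not WatchGuard code. The class and method names are hypothetical, and it assumes the range is the highest offset from each base (so 255 covers .0 through .255, as the example states).

```python
import ipaddress
import re

# Notation as printed in the example above: "<NAT base>-<real base>:<range>".
# The PDF uses an en dash between the bases; a plain hyphen is accepted too.
POLICY_RE = re.compile(r"^\s*([\d.]+)\s*[-\u2013]\s*([\d.]+)\s*:\s*(\d+)\s*$")


class OneToOneNat:
    """Hypothetical model of one 1-to-1 NAT policy (not WatchGuard code)."""

    def __init__(self, nat_base, real_base, span):
        self.nat_base = int(ipaddress.IPv4Address(nat_base))
        self.real_base = int(ipaddress.IPv4Address(real_base))
        # Assumption: the range is the highest offset from the base, so 255
        # covers .0 through .255 inclusive, as in the example above.
        self.span = span
        if max(self.nat_base, self.real_base) + span > 0xFFFFFFFF:
            raise ValueError("range runs past 255.255.255.255")

    @classmethod
    def parse(cls, text):
        match = POLICY_RE.match(text)
        if match is None:
            raise ValueError("not a 1-to-1 NAT policy: %r" % text)
        return cls(match.group(1), match.group(2), int(match.group(3)))

    def _shift(self, addr, src_base, dst_base):
        offset = int(ipaddress.IPv4Address(addr)) - src_base
        if not 0 <= offset <= self.span:
            return None  # outside the region: this policy does not apply
        return str(ipaddress.IPv4Address(dst_base + offset))

    def inbound(self, dst):
        """NAT region -> real (hidden/forwarded) region."""
        return self._shift(dst, self.nat_base, self.real_base)

    def outbound(self, src):
        """Real region -> NAT region (the conversion works both ways)."""
        return self._shift(src, self.real_base, self.nat_base)


if __name__ == "__main__":
    nat = OneToOneNat.parse("210.199.6.0\u2013192.168.69.0:255")
    for addr in ("210.199.6.0", "210.199.6.17", "210.199.6.255", "210.199.7.0"):
        print(addr, "->", nat.inbound(addr))
    print("192.168.69.17 ->", nat.outbound("192.168.69.17"))
```

A return value of None marks an address outside the region, which is a quick way to confirm that a policy exposes only the internal hosts you intended to publish.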
WatchGuard Firebox System