Chapter 16 Configuring NAT; Introduction to NAT; NAT in Routed Mode - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

NAT Overview

Introduction to NAT

Address translation substitutes the real address in a packet with a mapped address that is routable on the
destination network. NAT comprises two steps: the process in which a real address is translated into
a mapped address, and then the process to undo translation for returning traffic. NAT is supported in both
routed and transparent firewall mode.

The FWSM translates an address when a NAT rule matches the traffic. If no NAT rule matches,
processing for the packet continues. The exception is when you enable NAT control. NAT control
requires that packets traversing from a higher security interface (inside) to a lower security interface
(outside) match a NAT rule, or else processing for the packet stops. (See the "Security Level Overview"
section on page 6-1 for more information about security levels, and see the "NAT Control" section on
page 16-5 for more information about NAT control.)

Note: In this document, all types of translation are generally referred to as NAT. When discussing NAT, the
terms inside and outside are relative, and represent the security relationship between any two interfaces.
The higher security level is inside and the lower security level is outside; for example, interface 1 is at
60 and interface 2 is at 50, so interface 1 is "inside" and interface 2 is "outside."

Some of the benefits of NAT are as follows:

- You can use private addresses on your inside networks. Private addresses are not routable on the
  Internet. (See the "Private Networks" section on page E-2 for more information.)
- NAT hides the real addresses from other networks, so attackers cannot learn the real address of a
  host.
- You can resolve IP routing problems such as overlapping addresses.

Note: See Table 22-1 on page 22-4 for information about protocols that do not support NAT.

NAT in Routed Mode

Figure 16-1 shows a typical NAT scenario in routed mode, with a private network on the inside. When
the inside host at 10.1.1.27 sends a packet to a web server, the real source address, 10.1.1.27, of the
packet is changed to a mapped address, 209.165.201.10. When the server responds, it sends the response
to the mapped address, 209.165.201.10, and the FWSM receives the packet. The FWSM then undoes the
translation of the mapped address, 209.165.201.10, back to the real address, 10.1.1.27, before sending
it on to the host.

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM, OL-20748-01, Chapter 16: Configuring NAT, page 16-2
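The translation, undo, and NAT control behavior described in this section can be traced with a small model. This is an added example, not Cisco code or FWSM configuration: the class NatModel, the function demo, the interface names, and the web server address 198.51.100.80 are assumptions made for illustration, and the model covers only the decisions stated in the text above.

```python
from dataclasses import dataclass, field

@dataclass
class NatModel:
    """Simplified model of the NAT decisions described in this section."""
    levels: dict                      # interface -> security level
    rules: dict                       # (real_if, mapped_if, real_ip) -> mapped_ip
    nat_control: bool = False
    xlate: dict = field(default_factory=dict)  # (mapped_if, mapped_ip) -> real_ip

    def process(self, in_if, out_if, src, dst):
        """Return (verdict, src, dst) after NAT for one packet."""
        # Returning traffic: the destination is a mapped address with an
        # active translation, so undo it and deliver to the real address.
        real = self.xlate.get((in_if, dst))
        if real is not None:
            return ("forward", src, real)
        # New traffic: translate the real source if a NAT rule matches.
        mapped = self.rules.get((in_if, out_if, src))
        if mapped is not None:
            self.xlate[(out_if, mapped)] = src
            return ("forward", mapped, dst)
        # No rule matched. With NAT control enabled, traffic from a higher
        # to a lower security interface stops here.
        if self.nat_control and self.levels[in_if] > self.levels[out_if]:
            return ("drop", src, dst)
        return ("forward", src, dst)

# Constructed sample data: host and mapped addresses from the Figure 16-1
# description, security levels from the Note (60 and 50). WEB is a made-up
# server address; 10.1.1.99 is a made-up host with no NAT rule.
LEVELS = {"inside": 60, "outside": 50}
RULES = {("inside", "outside", "10.1.1.27"): "209.165.201.10"}
WEB = "198.51.100.80"

def demo(nat_control):
    fw = NatModel(LEVELS, RULES, nat_control)
    return {
        "outbound": fw.process("inside", "outside", "10.1.1.27", WEB),
        "reply": fw.process("outside", "inside", WEB, "209.165.201.10"),
        "unmatched": fw.process("inside", "outside", "10.1.1.99", WEB),
    }

if __name__ == "__main__":
    for flag in (False, True):
        print("nat_control =", flag, demo(flag))
```

The only result that changes between the two runs is the unmatched host: it is forwarded untranslated without NAT control and dropped with it.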
