Configuring Nat Control - Cisco 7604 Configuration Manual
Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli
Hide thumbs
Also See for 7604:
- Configuration manual (1011 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
Configuring NAT Control
Figure 16-13
the outside server. In this case, when an inside user requests the address for ftp.example.com from the
DNS server, the DNS server responds with the real address, 209.165.20.10. Because you want inside
users to use the mapped address for ftp.example.com (10.1.2.56) you need to configure DNS reply
modification for the static translation.
Figure 16-13
3
DNS Reply Modification
209.165.201.10
See the following command for this example:
hostname(config)# static (outside,inside) 10.1.2.56 209.165.201.10 netmask 255.255.255.255
dns
Configuring NAT Control
NAT control requires that packets traversing from an inside interface to an outside interface match a NAT
rule. See the
To enable NAT control, enter the following command:
hostname(config)# nat-control
To disable NAT control, enter the no form of the command.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
16-18
shows a web server and DNS server on the outside. The FWSM has a static translation for
DNS Reply Modification Using Outside NAT
1
DNS Query
ftp.example.com?
2
DNS Reply
209.165.201.10
10.1.2.56
4
DNS Reply
10.1.2.56
"NAT Control" section on page 16-5
ftp.example.com
209.165.201.10
Static Translation on Inside to:
10.1.2.56
DNS Server
Outside
10.1.2.56
FTP Request
Inside
User
10.1.2.27
for more information.
Chapter 16
Configuring NAT
7
FTP Request
209.165.201.10
6
Dest Addr. Translation
209.165.201.10
5
10.1.2.56
OL-20748-01
- Quick Links:
- C H a P T E...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
