Brocade Communications Systems ServerIron ADX 12.4.00a Security Manual page 115

3. Configure a numbered ACL and permit the IP addresses on the inside. Then define the global
4. Tie the inside source list to the global pool and enable PAT (overload) to send traffic out the
5. rconsole into the BP and verify the translation is working correctly.
Dynamic NAT configuration example 2
In the following example, the ServerIron ADX is configured to translate inside hosts in the 20.20.0.0
network to unique global addresses in the 15.15.15.15/24 network.
FIGURE 7
Remote Server
This example requires that Interfaces 1/5 and 1/1 be configured as Inside and Outside interfaces
respectively as shown.
ServerIronADX(config)# interface ethernet 1/5
ServerIronADX(config-if-e1000-1/5) ip address 20.20.50.1 255.255.0.0
ServerIronADX(config-if-e1000-1/5) ip nat inside
ServerIron ADX Security Guide
53-1002440-03
ServerIronADX(config-ve-2)#ip nat inside
ServerIronADX(config-ve-3)#ip nat outside
address pool and enable dynamic NAT.
ServerIronADX(config)# access-list 101 permit ip 10.10.1.0/24 any
ServerIronADX(config)# ip nat pool global_pool 209.157.1.2 209.157.1.254
prefix-length 24
Make sure you specify permit in the ACL, rather than deny. If you specify deny, the ServerIron
ADX will not provide NAT for the addresses.
external interface.
ServerIronADX(config)# ip nat inside source list 101 pool global_pool
rconsole x/x
show ip nat statistic
show ip nat translation
Example of a dynamic NAT configuration - translating inside host addresses to unique pool
addresses
Internet
Outside Interface
1/1
SI
1/5
Global IP address pool: 15.15.15.15 to 15.15.15.25
Inside Interface
Inside IP addresses: 20.20.0.0
4
Configuring NAT
101