Nat Enable - Ericsson HM4x0 Reference Manual

14.2

nat enable

14.2.1 Syntax
nat enable <name> <interfacename> {internal|dmz}
14.2.2 Description
This command enables NAT between an existing security interface and a
network interface type. NAT is enabled between the security interface and all
the interfaces that belong to the chosen network interface type.
Note:
An interface is either an inside or outside interface. The network attached to
an inside interface needs to be protected from the network attached to an
outside interface. For example, the network attached to an internal interface
(inside) needs to be protected from the network attached to a DMZ (outside).
Also, you can only enable NAT between two different interface types. For
example, if interfacename is an external interface type, you can enable NAT
between the interfacename and the internal or the DMZ interface type, but not
the external interface type. The following interface combinations are the only
ones that you can use:
•
•
•
The existing security interface must be an outside interface. NAT translates
packets between the outside interface and the inside interface type. In this
way, the IP address of a host on a network attached to an inside interface is
hidden from a host on a network attached to an outside interface.
If you want to map an outside interface to an individual host on an inside
interface type, you can use the command nat add resvmap interfacename.
14.2.3 Options
The following table gives the range of values for each option which can be
specified with this command and a default value (if applicable).
Option
2/1553-ZAT 759 94 Uen B – December 2005
You must enable the Security package using the command security if
you want to use the NAT module to configure security for your system.
External (outside) and internal (inside).
External (outside) and DMZ (inside).
DMZ (outside) and internal (inside).
Description
NAT CLI Commands
Default value
339