Nat In Routed Mode - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Cisco Security Appliance Command Line Configuration Guide (OL-12172-03), Chapter 17, Configuring NAT

NAT Overview

interface (outside) match a NAT rule, or processing for the packet stops. See the "Security Level Overview" section on page 7-1 for more information about security levels. See the "NAT Control" section on page 17-4 for more information about NAT control.

Note: In this document, all types of translation are referred to as NAT. When describing NAT, the terms inside and outside represent the security relationship between any two interfaces. The higher security level is inside and the lower security level is outside. For example, interface 1 is at 60 and interface 2 is at 50; therefore, interface 1 is "inside" and interface 2 is "outside."

Some of the benefits of NAT are as follows:
- You can use private addresses on your inside networks. Private addresses are not routable on the Internet. See the "Private Networks" section on page D-2 for more information.
- NAT hides the real addresses from other networks, so attackers cannot learn the real address of a host.
- You can resolve IP routing problems such as overlapping addresses.

See Table 25-1 on page 25-3 for information about protocols that do not support NAT.

NAT in Routed Mode

Figure 17-1 shows a typical NAT example in routed mode, with a private network on the inside. When the inside host at 10.1.1.27 sends a packet to a web server, the real source address, 10.1.1.27, of the packet is changed to a mapped address, 209.165.201.10. When the server responds, it sends the response to the mapped address, 209.165.201.10, and the security appliance receives the packet. The security appliance then translates the mapped address, 209.165.201.10, back to the real address, 10.1.1.27, before sending the packet to the host.

Figure 17-1 NAT Example: Routed Mode
[Figure: a web server (www.cisco.com) on the outside; the security appliance, with 209.165.201.2 on its outside interface and 10.1.2.1 on its inside interface; an inside host at 10.1.2.27. Originating packet, translation: 10.1.2.27 to 209.165.201.10. Responding packet, undo translation: 209.165.201.10 to 10.1.2.27.]
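
The routed-mode flow described above, as a small Python model added here for illustration; it is not Cisco code or appliance configuration. The class and method names, the web server address 198.51.100.80 and the translation table filled on first use are assumptions of the example; the real and mapped addresses come from the paragraph and the security levels from the note.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


class RoutedNat:
    """Toy model of the Figure 17-1 flow; not appliance code."""

    def __init__(self, levels: Dict[str, int], rules: Dict[str, str],
                 nat_control: bool = True) -> None:
        self.levels = levels              # interface name -> security level
        self.rules = rules                # real address -> mapped address
        self.nat_control = nat_control
        self.xlate: Dict[str, str] = {}   # mapped -> real, filled on first use

    def is_outbound(self, ingress: str, egress: str) -> bool:
        # The higher security level is "inside", the lower one is "outside".
        return self.levels[ingress] > self.levels[egress]

    def forward(self, pkt: Packet, ingress: str, egress: str) -> Optional[Packet]:
        if self.is_outbound(ingress, egress):
            mapped = self.rules.get(pkt.src)
            if mapped is None:
                # NAT control: no matching rule, processing for the packet stops.
                return None if self.nat_control else pkt
            self.xlate[mapped] = pkt.src
            return replace(pkt, src=mapped)
        # Reply path: undo the translation. Model assumption: a packet whose
        # destination has no translation entry is not delivered.
        real = self.xlate.get(pkt.dst)
        return replace(pkt, dst=real) if real is not None else None


if __name__ == "__main__":
    WEB = "198.51.100.80"  # constructed stand-in for the web server's address
    # Levels 60/50 follow the note's example; addresses follow the paragraph.
    nat = RoutedNat({"inside": 60, "outside": 50},
                    {"10.1.1.27": "209.165.201.10"})
    print(nat.forward(Packet("10.1.1.27", WEB), "inside", "outside"))
    print(nat.forward(Packet(WEB, "209.165.201.10"), "outside", "inside"))
    print(nat.forward(Packet("10.1.1.99", WEB), "inside", "outside"))
```

The third call returns None: with NAT control modelled as enabled, an inside source that matches no rule is not forwarded.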

This manual is also suitable for:

ASA 5500 series
