NAT Overview; Introduction to NAT; Chapter 9 Configuring Network Address Translation - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 series switch and cisco 7600 series router firewall services

NAT Overview

Introduction to NAT

Address translation substitutes the local address in a packet with a global address that is routable on the destination network. In this document, all types of translation are generally referred to as "NAT."

On the FWSM, you must specifically configure some interfaces to either use or to bypass NAT. For example, when hosts on a higher security interface (inside) access hosts on a lower security interface (outside), you must configure NAT on the inside hosts or specifically configure the inside hosts to bypass NAT. (See the "Configuring Interfaces" section on page 6-6 for more information about security levels.)

Note: When discussing NAT, the terms inside and outside are relative, and represent the security relationship between any two interfaces. The higher security level is inside and the lower security level is outside; for example, interface 1 is at 60 and interface 2 is at 50, so interface 1 is "inside" and interface 2 is "outside."

An inside host can communicate with the untranslated local address of the outside host without any special configuration on the outside interface. However, you can also optionally configure NAT on the outside network.

Interfaces that are on the same security level that you have allowed to communicate do not have to perform NAT. You can, however, optionally configure NAT for these interfaces. (See the "Allowing Communication Between Interfaces on the Same Security Level" section on page 6-8 for more information.) In this case, there is no inside or outside when performing NAT between two interfaces.

Some of the benefits of NAT are as follows:

- You can use private addresses on your inside networks. Private addresses are not routable on the Internet. (See the "Private Networks" section on page D-2 for more information.)
- NAT hides the local addresses from other networks, so attackers cannot learn the real address of a host.
- You can resolve IP routing problems such as overlapping addresses.

Note: See Table 13-1 on page 13-2 for information about protocols that are not supported by NAT.

Chapter 9, Configuring Network Address Translation. Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, OL-6392-01, page 9-2.
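The relative inside/outside rule in the Note can be checked mechanically when reviewing a configuration. The following Python sketch is an added example, not code from the Cisco guide; the `Interface` class, the `(inside, outside, kind)` rule tuples and the sample interfaces are assumptions made for illustration and are not FWSM syntax.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Interface:
    name: str
    level: int  # security level; the higher of two levels is "inside"


def classify(a, b):
    """Return (inside, outside) for a pair, or None when the levels are equal."""
    if a.level == b.level:
        return None  # same level: there is no inside or outside
    return (a, b) if a.level > b.level else (b, a)


def audit(interfaces, rules):
    """List (inside, outside) pairs whose inside hosts have neither NAT nor bypass.

    rules is a set of (inside_name, outside_name, kind) tuples with kind in
    {"nat", "bypass"}. This rule model is hypothetical, chosen for the example.
    """
    findings = []
    for a, b in combinations(interfaces, 2):
        pair = classify(a, b)
        if pair is None:
            continue  # NAT is optional between same-level interfaces
        inside, outside = pair
        kinds = {k for i, o, k in rules if (i, o) == (inside.name, outside.name)}
        if not kinds & {"nat", "bypass"}:
            findings.append((inside.name, outside.name))
        # NAT on the outside network is optional, so it is not checked.
    return findings


# Constructed sample: levels 60 and 50 follow the Note; names and rules are invented.
IFACES = [Interface("if1", 60), Interface("if2", 50), Interface("dmz", 50)]
RULES = {("if1", "if2", "nat")}

if __name__ == "__main__":
    for inside, outside in audit(IFACES, RULES):
        print(f"{inside} -> {outside}: inside hosts need NAT or a NAT bypass")
```

With the sample data, `if1` is inside relative to both `if2` and `dmz`, so the missing rule toward `dmz` is reported, while the `if2`/`dmz` pair is skipped because the two share a level.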
