Using Static Nat - Cisco Catalyst 6500 Series Configuration Manual
Catalyst 6500 series switch and
cisco 7600 series router firewall services
Hide thumbs
Also See for Catalyst 6500 Series:
- Software configuration manual (570 pages) ,
- Configuration note (212 pages) ,
- Installation manual (194 pages)
Table of Contents
Advertisement
Using Static NAT
Using Static NAT
This section tells how to configure a static translation.
Figure 9-16
and the global address is statically assigned.
Figure 9-16 Static NAT
10.1.1.1
10.1.1.2
You cannot use the same local or global address in multiple static statements between the same two
interfaces. Do not use an address that is also defined as a dynamic PAT address in a global statement.
For more information about static NAT, see the
If you change the NAT configuration, and you do not want to wait for existing translations to time out
Note
before the new NAT information is used, you can clear the translation table using the clear xlate
command. However, clearing the translation table disconnects all current connections.
To configure static NAT, enter one of the following commands.
•
•
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
9-26
shows a typical static NAT scenario. Both local and global traffic can originate connections,
FWSM
209.165.201.1
209.165.201.2
Inside
Outside
For policy static NAT, enter the following command:
FWSM/contexta(config)# static ( local_interface , global_interface )
{ global_ip | interface} access-list acl_name [dns] [norandomseq] [[tcp] tcp_max_conns
[ emb_limit ]] [udp udp_max_conns ]
Create the ACL using the access-list command (see the
section on page
10-13). This ACL should include only permit access control entries (ACEs). The
source subnet mask used in the ACL is also used for the global addresses. You can also specify the
local and destination ports in the ACL using the eq operator. See the
page 9-8
for more information.
See the
"Configuring NAT or PAT" section on page 9-23
To configure regular static NAT, enter the following command:
FWSM/contexta(config)# static ( local_interface , global_interface )
{ global_ip | interface} local_ip [netmask mask ] [dns] [norandomseq]
[[tcp] tcp_max_conns [ emb_limit ]] [udp udp_max_conns ]
See the
"Configuring NAT or PAT" section on page 9-23
Chapter 9
Configuring Network Address Translation
"Static NAT" section on page
"Adding an Extended Access Control List"
"Policy NAT" section on
for information about the other options.
for information about the options.
9-5.
OL-6392-01
Advertisement
Table of Contents
Troubleshooting
