Bypassing NAT; Configuring Identity NAT - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services

Chapter 9
Configuring Network Address Translation
match, more exclusive nat statements are matched before general statements. The following example
shows the Telnet static statement, the more exclusive nat statement for initiated traffic from the Telnet
server, and the statement for other inside hosts, which uses a different global address.
FWSM/contexta(config)# static (inside,outside) tcp 10.1.2.14 telnet 10.1.1.15 telnet netmask 255.255.255.255
FWSM/contexta(config)# nat (inside) 1 10.1.1.15 255.255.255.255
FWSM/contexta(config)# global (outside) 1 10.1.2.14
FWSM/contexta(config)# nat (inside) 2 10.1.1.0 255.255.255.0
FWSM/contexta(config)# global (outside) 2 10.1.2.78
To translate a well-known port (80) to another port (8080), enter the following command:
FWSM/contexta(config)# static (inside,outside) tcp 10.1.2.45 80 10.1.1.16 8080 netmask 255.255.255.255

Bypassing NAT

You can bypass NAT using identity NAT, static identity NAT, or NAT exemption. See the "Bypassing NAT" section on page 9-7 for more information about these methods. This section includes the following topics:

Configuring Identity NAT, page 9-29
Configuring Static Identity NAT, page 9-30
Configuring NAT Exemption, page 9-31

Configuring Identity NAT

Identity NAT translates the local IP address to the same IP address, and only local traffic can originate connections. (For same security level interfaces, hosts connected to any interface on the same security level can initiate traffic.) Figure 9-18 shows a typical identity NAT scenario.

Figure 9-18 Identity NAT
[Figure: FWSM between Inside and Outside; addresses 209.165.201.1 and 209.165.201.2]

Note
If you change the NAT configuration, and you do not want to wait for existing translations to time out before the new NAT information is used, you can clear the translation table using the clear xlate command. However, clearing the translation table disconnects all current connections.

To configure identity NAT, enter the following command:
FWSM/contexta(config)# nat (local_interface) 0 local_ip [mask [dns] [outside | [norandomseq] [[tcp] tcp_max_conns [emb_limit]] [udp udp_max_conns]]]

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
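When reviewing a configuration, the optional arguments of the identity NAT command shown above are the part worth auditing. The following Python parser is an added example, not part of the Cisco guide: it reads statements in that syntax and reports three conditions. Assumptions not stated on this page: norandomseq disables TCP initial sequence number randomization, emb_limit is the embryonic (half-open) connection limit, the /16 review threshold is arbitrary, and the sample lines and the "dmz" interface name are constructed.

```python
import ipaddress
import re

# Syntax from the page: nat (local_interface) 0 local_ip [mask [dns] [outside |
#   [norandomseq] [[tcp] tcp_max_conns [emb_limit]] [udp udp_max_conns]]]
NAT0 = re.compile(r"\bnat\s+\(\s*(\S+?)\s*\)\s+0\s+(\S+)(?:\s+(\d+(?:\.\d+){3}))?(.*)$")
FLAGS = ("dns", "outside", "norandomseq")
BROAD_PREFIX = 16  # assumption: scopes wider than /16 are flagged for review

def parse_identity_nat(line):
    """Parse one identity NAT statement; return None for any other command."""
    m = NAT0.search(line.strip())
    if not m or m.group(2) == "access-list":  # nat 0 access-list is NAT exemption
        return None
    iface, ip, mask, rest = m.groups()
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False) if mask else None
    st = dict.fromkeys(FLAGS, False) | {"iface": iface, "net": net, "udp_max_conns": None}
    toks, nums = rest.split(), []
    while toks:
        t = toks.pop(0)
        if t in FLAGS:
            st[t] = True
        elif t == "udp" and toks and toks[0].isdigit():
            st["udp_max_conns"] = int(toks.pop(0))
        elif t.isdigit() and len(nums) < 2:
            nums.append(int(t))  # first tcp_max_conns, then emb_limit
        elif t != "tcp":
            raise ValueError(f"unexpected token {t!r} in: {line.strip()}")
    st["tcp_max_conns"], st["emb_limit"] = (nums + [None, None])[:2]
    return st

def audit(config_text):
    """Yield (statement, findings) for each identity NAT line in a config."""
    for st in filter(None, map(parse_identity_nat, config_text.splitlines())):
        net = st["net"]
        checks = [(st["norandomseq"], "TCP ISN randomization disabled"),
                  (not st["emb_limit"], "no embryonic connection limit set"),
                  (net is not None and net.prefixlen < BROAD_PREFIX, f"broad scope {net}")]
        yield st, [msg for hit, msg in checks if hit]

# Constructed sample (not from the guide); "dmz" is a hypothetical interface name.
SAMPLE = """\
FWSM/contexta(config)# nat (inside) 0 10.1.1.0 255.255.255.0
FWSM/contexta(config)# nat (dmz) 0 0.0.0.0 0.0.0.0 norandomseq tcp 500 100 udp 200
FWSM/contexta(config)# nat (inside) 1 10.1.1.15 255.255.255.255
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Statements with a NAT ID other than 0, and the nat 0 access-list form used for NAT exemption, are skipped rather than reported.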
