Configuring Static Identity NAT - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, OL-6392-01
Chapter 9: Configuring Network Address Translation

Bypassing NAT

See the "Configuring NAT or PAT" section on page 9-23 for information about the options.

For example, to use identity NAT for the inside 10.1.1.0/24 network, enter the following command:
FWSM/contexta(config)# nat (inside) 0 10.1.1.0 255.255.255.0

Configuring Static Identity NAT

Static identity NAT translates the local IP address to the same IP address, and allows both local and global traffic to originate connections. Static identity NAT lets you use regular NAT or policy NAT. Policy NAT allows you to identify the local and destination addresses when determining the local traffic to translate (see the "Policy NAT" section on page 9-8 for more information about policy NAT). For example, you can use policy static identity NAT for an inside address when it accesses the outside interface and the destination is server A, but use a normal translation when accessing the outside server B.

Figure 9-19 shows a typical static identity NAT scenario.

Figure 9-19 Static Identity NAT
[Figure: FWSM between the Inside and Outside networks; the addresses 209.165.201.1 and 209.165.201.2 appear on both sides.]

Note: If you change the NAT configuration, and you do not want to wait for existing translations to time out before the new NAT information is used, you can clear the translation table using the clear xlate command. However, clearing the translation table disconnects all current connections.

To configure static identity NAT, enter one of the following commands:

To configure policy static identity NAT, enter the following command:
FWSM/contexta(config)# static (local_interface,global_interface) local_ip access-list acl_id [dns] [norandomseq] [[tcp] tcp_max_conns [emb_limit]] [udp udp_max_conns]

Create the ACL using the access-list command (see the "Adding an Extended Access Control List" section on page 10-13). This ACL should include only permit access control entries (ACEs). Make sure the source address in the ACL matches the first local_ip in this command. See the "Policy NAT" section on page 9-8 for more information.

See the "Configuring NAT or PAT" section on page 9-23 for information about the other options.

To configure regular static identity NAT, enter the following command:
FWSM/contexta(config)# static (local_interface,global_interface) local_ip local_ip [netmask mask] [dns] [norandomseq] [[tcp] tcp_max_conns [emb_limit]] [udp udp_max_conns]
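
An added example, not part of the Cisco guide: a Python lint that checks saved configuration lines against the two ACL requirements stated for policy static identity NAT (permit-only ACEs, and an ACE source address equal to the static command's local_ip). The sample configuration, ACL names and addresses are constructed, and the parser assumes simple ACEs with a single protocol keyword.

```python
import re

# Constructed sample config (not from the manual); ACL names and addresses are illustrative.
SAMPLE_CONFIG = """\
access-list NET1 extended permit ip host 10.1.1.3 209.165.201.0 255.255.255.224
access-list NET2 extended permit ip host 10.1.1.4 host 209.165.201.10
access-list NET2 extended deny ip host 10.1.1.4 any
access-list NET3 extended permit tcp 10.1.2.0 255.255.255.0 any
static (inside,outside) 10.1.1.3 access-list NET1
static (inside,outside) 10.1.1.4 access-list NET2
static (inside,outside) 10.1.1.5 access-list NET3
static (inside,outside) 10.1.1.6 access-list NET9
"""

# Assumes simple ACEs: one protocol keyword, then "host A", "A mask" or "any" as source.
ACE_RE = re.compile(r"^access-list\s+(\S+)\s+(?:extended\s+)?(permit|deny)\s+\S+\s+(.*)$")
STATIC_RE = re.compile(
    r"^static\s+\(\s*\S+?\s*,\s*\S+?\s*\)\s+(\S+)\s+access-list\s+(\S+)")


def ace_source(rest):
    """Return the source address from the ACE text that follows the protocol."""
    tokens = rest.split()
    if tokens and tokens[0] == "host":
        return tokens[1] if len(tokens) > 1 else None
    return tokens[0] if tokens else None  # "any" or the address of "address mask"


def lint_policy_static(config):
    """Check each policy static against the two ACL requirements in the text."""
    acls, statics, findings = {}, [], []
    for line in (l.strip() for l in config.splitlines()):
        ace = ACE_RE.match(line)
        static = STATIC_RE.match(line)
        if ace:
            acls.setdefault(ace.group(1), []).append((ace.group(2), ace_source(ace.group(3))))
        elif static:
            statics.append((static.group(1), static.group(2)))
    for local_ip, acl_id in statics:
        if acl_id not in acls:
            findings.append((local_ip, acl_id, "ACL not defined"))
            continue
        for action, source in acls[acl_id]:
            if action != "permit":
                findings.append((local_ip, acl_id, "non-permit ACE"))
            if source != local_ip:
                findings.append((local_ip, acl_id, f"source {source} != local_ip"))
    return findings


if __name__ == "__main__":
    for finding in lint_policy_static(SAMPLE_CONFIG):
        print(finding)
```

Each finding is a (local_ip, acl_id, reason) tuple; an empty list means every policy static in the input references a defined, permit-only ACL whose source matches local_ip.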
