Chapter 5
Configuring Network Address Translation
OL-16202-01
The main differences between dynamic NAT and static NAT are as follows:
• Static NAT uses a one-to-one correspondence between a local IP address and a fixed global IP address, while dynamic NAT assigns a global IP address from a pool of global addresses.
• With static NAT, you need an equal number of global IP addresses and local IP addresses. With dynamic NAT, you can have a pool of fewer global addresses than local addresses.

Static Port Redirection
Static port redirection, also used for DNAT, performs the same function as static NAT and additionally translates TCP or UDP ports or ICMP identifiers for the local and global addresses. With static port redirection, you can use the same global address in multiple static NAT statements, provided that, along with the address, you use different port numbers.
For example, if you want to provide a single address for global users to access FTP, HTTP, and SMTP, but there are different servers for each protocol on the local network, you can specify static port redirection statements for each server that use the same global IP address with different ports.

Maximum Number of NAT Commands
The ACE supports the following maximum numbers of nat, nat-pool, and nat static commands divided among all contexts:
• nat command—8,192
• nat-pool command—8,192
• nat static command—8,192
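The static port redirection rule (one global address, different ports) and the nat static limit described above can both be checked before a plan is turned into configuration. The following Python check is an added example, not code from the Cisco guide. The tuple layout, the name check_plan, the sample addresses, and treating the protocol as part of the uniqueness key are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address

MAX_NAT_STATIC = 8192  # nat static limit from the guide, shared by all contexts

def check_plan(mappings, max_static=MAX_NAT_STATIC):
    """Return findings for a static port redirection plan (empty list = consistent).

    Hypothetical data model: (global_ip, proto, global_port, local_ip, local_port).
    """
    findings, seen = [], defaultdict(list)
    for idx, (g_ip, proto, g_port, l_ip, l_port) in enumerate(mappings):
        proto = proto.lower()
        try:
            g_ip, l_ip = ip_address(g_ip), ip_address(l_ip)
        except ValueError as exc:
            findings.append(f"entry {idx}: bad address ({exc})")
            continue
        # This example covers TCP and UDP only; ICMP identifiers are out of scope.
        if proto not in ("tcp", "udp"):
            findings.append(f"entry {idx}: protocol {proto!r} not handled here")
            continue
        if not all(1 <= p <= 65535 for p in (g_port, l_port)):
            findings.append(f"entry {idx}: port out of range")
            continue
        # Assumption: the protocol is part of the key, so tcp/53 and udp/53 differ.
        seen[(g_ip, proto, g_port)].append((l_ip, l_port))
    for (g_ip, proto, g_port), targets in seen.items():
        if len(targets) > 1:
            dests = ", ".join(f"{ip}:{port}" for ip, port in targets)
            findings.append(f"{g_ip} {proto}/{g_port} used by {len(targets)} statements: {dests}")
    if len(mappings) > max_static:
        findings.append(f"{len(mappings)} statements exceed the limit of {max_static}")
    return findings

# Constructed sample: one global address fronting FTP, HTTP and SMTP servers.
PLAN = [
    ("192.0.2.10", "tcp", 21, "10.1.1.21", 21),
    ("192.0.2.10", "tcp", 80, "10.1.1.80", 80),
    ("192.0.2.10", "tcp", 25, "10.1.1.25", 25),
]
# Constructed conflict: the same global address and port reused for a second server.
CONFLICT = PLAN + [("192.0.2.10", "tcp", 80, "10.1.1.99", 8080)]

if __name__ == "__main__":
    for plan in (PLAN, CONFLICT):
        print(check_plan(plan) or "plan is consistent")
```

A non-empty result also serves as a review list of which local services a single global address exposes.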
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
Network Address Translation Overview
5-7