Configuring an ACL; Configuring Interfaces for Dynamic NAT and PAT; Creating a Global IP Address Pool for NAT - Cisco 4700M Configuration Manual

Application control engine appliance security

Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide

Configuring Dynamic NAT and PAT

Configuring an ACL

You can use a security access control list (ACL) to permit the traffic that requires NAT. For details about configuring an ACL, see Access Control Lists.

To configure an ACL for dynamic NAT, use the access-list command in configuration mode. The syntax of this command is as follows:

    access-list name [line number] extended {deny | permit}
        {protocol} {src_ip_address netmask | any | host src_ip_address}
        [operator port1 [port2]] {dest_ip_address netmask | any | host dest_ip_address}
        [operator port3 [port4]]

For example, enter:

    host1/C1(config)# access-list NAT_ACCESS extended permit tcp 192.168.12.0 255.255.255.0 172.27.16.0 255.255.255.0 eq 80

To delete the ACL from the configuration, enter:

    host1/C1(config)# no access-list NAT_ACCESS

Configuring Interfaces for Dynamic NAT and PAT

Configure an interface for clients and an interface for the real servers. If you are operating the ACE in one-arm mode, do not configure an interface for clients. For details, see the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide.

Creating a Global IP Address Pool for NAT

Dynamic NAT uses a pool of global IP addresses that you specify. You can define either a single global IP address for a group of servers with PAT to differentiate between them, or a range of global IP addresses when using dynamic NAT only. To use a single IP address or a range of addresses, you assign an identifier to the address pool. You configure the NAT pool on the server VLAN interface.

Note
If a packet egresses an interface that you have not configured for NAT, the ACE transmits the packet untranslated.
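
An added example, not part of the Cisco guide: a Python parser for the access-list syntax shown under "Configuring an ACL", used to check offline which flows a single NAT ACL entry would select before it is applied. The function names, the operator keywords other than eq (neq, lt, gt, range), and numeric-only ports are assumptions of this example.

```python
import ipaddress

# Constructed input: the example entry from this page, joined onto one line.
SAMPLE = ("access-list NAT_ACCESS extended permit tcp "
          "192.168.12.0 255.255.255.0 172.27.16.0 255.255.255.0 eq 80")
CMP = {"eq": lambda p, a: p == a[0], "neq": lambda p, a: p != a[0],
       "lt": lambda p, a: p < a[0], "gt": lambda p, a: p > a[0],
       "range": lambda p, a: a[0] <= p <= a[1]}  # assumed keywords; page shows only eq

def _addr(tok):
    """Consume 'any' | 'host ip' | 'ip netmask'; return the network it covers."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    # 'ip netmask' form; raises ValueError if the address has host bits set.
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")

def _ports(tok):
    """Consume an optional 'operator port1 [port2]' clause (numeric ports only)."""
    if not tok or tok[0] not in CMP:
        return None
    op = tok.pop(0)
    return op, [int(tok.pop(0)) for _ in range(2 if op == "range" else 1)]

def parse_acl(line):
    """Parse one entry; raises ValueError or IndexError on malformed input."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list":
        raise ValueError("not an access-list entry")
    entry, tok = {"name": tok[1]}, tok[2:]
    if tok[0] == "line":  # optional [line number]
        entry["line"], tok = int(tok[1]), tok[2:]
    if tok.pop(0) != "extended" or tok[0] not in ("permit", "deny"):
        raise ValueError("expected 'extended {deny | permit}'")
    entry["action"], entry["protocol"] = tok.pop(0), tok.pop(0)
    entry["src"], entry["src_ports"] = _addr(tok), _ports(tok)
    entry["dst"], entry["dst_ports"] = _addr(tok), _ports(tok)
    if tok:
        raise ValueError(f"unparsed tokens: {tok}")
    return entry

def selects_for_nat(e, proto, src, sport, dst, dport):
    """True if this single permit entry matches the flow (a candidate for NAT)."""
    ok = lambda c, port: c is None or CMP[c[0]](port, c[1])
    return (e["action"] == "permit" and e["protocol"] == proto
            and ipaddress.ip_address(src) in e["src"] and ok(e["src_ports"], sport)
            and ipaddress.ip_address(dst) in e["dst"] and ok(e["dst_ports"], dport))
```

The check covers one entry in isolation; it does not model the ordering of multiple entries in the same ACL.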
Chapter 5
Configuring Network Address Translation
Chapter 1, Configuring Security
OL-16202-01
