Chapter 5
Configuring Network Address Translation
OL-16202-01
To associate the previously created class map with the policy map, enter, for example:
host1/C1(config-pmap)# class NAT_CLASS
host1/C1(config-pmap-c)#
To dissociate a class map from a policy map, enter:
host1/C1(config-pmap)# no class NAT_CLASS

Configuring Static NAT and Static Port Redirection as a Policy Action
You can configure static NAT and static port redirection as an action in a policy
map by using the nat static command in policy-map class configuration mode.
Typically, you use static NAT and port redirection for DNAT. Static NAT allows
you to identify local traffic for address translation by specifying the source and
destination addresses in an extended ACL, which is referenced as part of the class
map traffic classification. The ACE applies static NAT from the interface to which
the traffic policy is attached (through the service-policy interface configuration
command) to the interface specified in the nat static command.
The syntax of this command is as follows:
nat static ip_address netmask mask {port1 | tcp eq port2 | udp eq port3} vlan number
The keywords and arguments are as follows:
• static ip_address—Sets up a single static translation. The ip_address argument establishes the globally unique IP address of a host as it appears to the outside world. The policy map performs the global IP address translation for the source IP address specified in the ACL (as part of the class-map traffic classification).
• netmask mask—Specifies the subnet mask for the static IP address. Enter a subnet mask in dotted-decimal notation (for example, 255.255.255.0).
• port1—Global TCP or UDP port for static port redirection. Enter an integer from 0 to 65535.
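The following added example (not part of the Cisco guide) is a small pre-deployment check that parses candidate nat static lines against the syntax shown above and reports malformed addresses, masks, and ports before they reach the appliance. The helper names, sample addresses, and VLAN numbers are constructed for illustration, and the 0 to 65535 range stated for port1 is assumed to apply to port2 and port3 as well.

```python
import ipaddress
import re

# Shape taken from the syntax line on this page:
#   nat static ip_address netmask mask {port1 | tcp eq port2 | udp eq port3} vlan number
NAT_STATIC = re.compile(
    r"^\s*nat\s+static\s+(?P<ip>\S+)\s+netmask\s+(?P<mask>\S+)\s+"
    r"(?:(?P<proto>tcp|udp)\s+eq\s+)?(?P<port>\S+)\s+vlan\s+(?P<vlan>\S+)\s*$"
)
DIGITS = re.compile(r"[0-9]+")

def is_netmask(text):
    """True for a dotted-decimal mask whose one-bits are contiguous from the left."""
    try:
        host_bits = int(ipaddress.IPv4Address(text)) ^ 0xFFFFFFFF
    except ValueError:
        return False
    return (host_bits & (host_bits + 1)) == 0

def check_nat_static(line):
    """Hypothetical helper: return the list of problems found in one nat static line."""
    m = NAT_STATIC.match(line)
    if m is None:
        return ["line does not follow the nat static syntax"]
    problems = []
    try:
        ipaddress.IPv4Address(m["ip"])
    except ValueError:
        problems.append("invalid global IP address: " + m["ip"])
    if not is_netmask(m["mask"]):
        problems.append("netmask is not a contiguous dotted-decimal mask: " + m["mask"])
    # 0-65535 is the range the page gives for port1; assumed here for port2/port3 too.
    if not (DIGITS.fullmatch(m["port"]) and int(m["port"]) <= 65535):
        problems.append("port outside 0-65535: " + m["port"])
    if not DIGITS.fullmatch(m["vlan"]):
        problems.append("vlan number is not an integer: " + m["vlan"])
    return problems

# Constructed sample lines (documentation addresses, made-up VLAN numbers).
SAMPLES = [
    "nat static 192.0.2.10 netmask 255.255.255.255 tcp eq 443 vlan 200",
    "nat static 192.0.2.10 netmask 255.255.255.255 8080 vlan 200",
    "nat static 192.0.2.10 netmask 0.0.0.255 tcp eq 443 vlan 200",    # wildcard mask
    "nat static 192.0.2.10 netmask 255.255.255.255 udp eq 70000 vlan 200",
    "nat static 192.0.2.10 netmask 255.255.255.255 tcp 443 vlan 200",  # missing eq
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_nat_static(sample) or "ok")
```

The third sample shows the mistake this check is most useful for: an ACL-style wildcard mask typed where the command expects a subnet mask.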
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide