Configuring Identity Nat; Configuring Static Identity Nat - Cisco 7604 Configuration Manual

Bypassing NAT

Configuring Identity NAT

Identity NAT translates the real IP address to the same IP address. Only "translated" hosts can create
NAT translations, and responding traffic is allowed back.
Figure 16-24
Figure 16-24
209.165.201.1
209.165.201.2
If you change the NAT configuration, and you do not want to wait for existing translations to time out
Note
before the new NAT information is used, you can clear the translation table using the clear xlate
command. However, clearing the translation table disconnects all current connections that use
translations.
To configure identity NAT, enter the following command:
hostname(config)# nat (real_interface) 0 real_ip [mask [dns] [outside]
[[tcp] tcp_max_conns [emb_limit]] [udp udp_max_conns] [norandomseq]]
See the
For example, to use identity NAT for the inside 10.1.1.0/24 network, enter the following command:
hostname(config)# nat (inside) 0 10.1.1.0 255.255.255.0

Configuring Static Identity NAT

Static identity NAT translates the real IP address to the same IP address. The translation is always active,
and both "translated" and remote hosts can originate connections. Static identity NAT lets you use
regular NAT or policy NAT. Policy NAT lets you identify the real and destination addresses when
determining the real addresses to translate. (See the
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
16-34
shows a typical identity NAT scenario.
Identity NAT
FWSM
209.165.201.1
209.165.201.2
Inside Outside
"Configuring Dynamic NAT or PAT" section on page 16-26
Chapter 16
for information about the options.
"Policy NAT" section on page 16-10
Configuring NAT
for more
OL-20748-01