Configuring NAT Examples

3. Optional. Add an ACL to permit NAT traffic from the 10.1.1.0 network. All other traffic is implicitly denied.

XSR(config)#access-list 57 permit 10.1.1.0 0.0.0.255

4. Optional. Reset the default NAT timeout interval to 5 minutes:

XSR(config)#ip nat translation timeout timeout 300

5. Enable an interface, F1 for example:

XSR(config)#interface fastethernet 1

6. Bind the interface and optional ACL to the NAT pool:

XSR(config-if<F1>)#ip nat source list 57 pool NATpool

7. Optional. Enable a second interface, F2, to use the same NAT pool:

XSR(config)#interface fastethernet 2

8. Optional. Bind the second interface to NATpool:

XSR(config-if<F2>)#ip nat source pool NATpool

Note that no ACL is associated with NATpool. Alternatively, you can create a second NAT pool which will share addresses with the first configured NAT pool.

Network Address and Port Translation

This example sets up inside source address translation with overload (NAPT) on the XSR (Figure 5-13).

Figure 5-13 NAT Inside Source Translation with Overload (NAPT)

[Figure not reproduced. Labels: Inside, Outside, 10.1.1.1, XSR, Internal interface, External interface, "NAT applied to this interface", 200.20.2.1, 172.20.2.2, Internet.]

Packet labels in the figure:

  Request:                     SA: 10.1.1.1    DA: 172.20.2.1
  After Translation:           SA: 200.2.2.1   DA: 172.20.2.1
  Reply:                       SA: 172.20.2.1  DA: 200.2.2.1
  Reply after reverse lookup:  SA: 172.20.2.1  DA: 10.1.1.1

NAPT Table

  Protocol  Inside local     Inside global      Outside global
            IP addr:port     IP addr:port       IP addr:port
  TCP       10.1.1.1:1729    200.2.2.1:40450    172.2.20.2:23
  TCP       10.1.1.1:1780    200.2.2.1:40460    172.2.21.2:23

Configuring NAPT

Inside source address translation with overload, as shown in Figure 5-13, is configured as follows:

1. The user at address 10.1.1.1 opens a connection to host address 172.20.2.1.

2. The first packet that the XSR receives from 10.1.1.1 prompts a check of the NAPT table. If no translation entry exists and the address 10.1.1.1 must be translated, the XSR sets up a translation entry. The router then replaces the inside local address 10.1.1.1 with the external address 200.20.2.1, replaces the source port with 40450, and forwards the packet.
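
The table lookup described in these steps, together with the ACL match and translation timeout from the earlier NAT example, modeled as a small Python simulation. This is an added example, not XSR code: the names NaptTable, outbound, inbound and expire are hypothetical, and the sequential port allocation and the check of the reply's source against the recorded outside address are assumptions.

```python
import ipaddress

class NaptTable:
    """Toy NAPT (overload) table: inside hosts share one global address."""

    def __init__(self, global_ip, permit_net, timeout=300, first_port=40450):
        self.global_ip = global_ip
        self.permit = ipaddress.ip_network(permit_net)  # plays the role of ACL 57
        self.timeout = timeout                          # idle timeout in seconds
        self.next_port = first_port                     # assumed: sequential allocation
        self.out = {}   # (proto, in_ip, in_port, dst_ip, dst_port) -> global port
        self.back = {}  # (proto, global port) -> [in_ip, in_port, dst_ip, dst_port, last_seen]

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port, now):
        """Translate an inside packet; return (global_ip, port), or None if denied."""
        if ipaddress.ip_address(src_ip) not in self.permit:
            return None                     # implicit deny: source not matched by the ACL
        self.expire(now)
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        port = self.out.get(key)
        if port is None:                    # first packet of the flow: create the entry
            port, self.next_port = self.next_port, self.next_port + 1
            self.out[key] = port
        self.back[(proto, port)] = [src_ip, src_port, dst_ip, dst_port, now]
        return self.global_ip, port

    def inbound(self, proto, src_ip, src_port, dst_port, now):
        """Reverse lookup for a reply; return (inside_ip, inside_port), or None to drop."""
        self.expire(now)
        entry = self.back.get((proto, dst_port))
        # Assumed policy: the reply must come from the recorded outside address and port.
        if entry is None or (entry[2], entry[3]) != (src_ip, src_port):
            return None                     # unsolicited traffic has no translation entry
        entry[4] = now                      # refresh the idle timer
        return entry[0], entry[1]

    def expire(self, now):
        """Delete entries that have been idle longer than the translation timeout."""
        for gkey, e in list(self.back.items()):
            if now - e[4] > self.timeout:
                del self.back[gkey]
                del self.out[(gkey[0], e[0], e[1], e[2], e[3])]
```

Packets arriving on the outside for which inbound returns None have no inside destination, which is why a shorter translation timeout narrows the window in which a stale mapping can still be reached.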

Enterasys Networks X-PeditionTM manual Network Address and Port Translation, Configuring Napt