Security Features

Static NAT (one to one)

Figure 15.7 Static NAT

[Diagram labels: hosts 10.1.1.1, 10.1.1.2, 10.1.1.3; OPAL; NAT addresses 50.1.1.1-50.1.1.3; INTERNET]

In the static (one-to-one) NAT type, one NAT IP address is used for each IP address in the corporate network. For example, for the three IP addresses from 10.1.1.1 to 10.1.1.3, there is a set of three NAT IP addresses from 50.1.1.1 to 50.1.1.3. With one-to-one NAT, only IP address translation takes place: if a packet travels from 10.1.1.1 to yahoo.com, the Foundry-Firewall substitutes only the source address in the IP header with the NAT IP address. The source port remains the same as the original.

The static NAT configuration shown in Figure 15.7 includes:

Private network address range: 10.1.1.1 to 10.1.1.3

Public (NAT) IP address range: 50.1.1.1 to 50.1.1.3

To create a NAT pool of type static, specify the starting IP address and the ending NAT IP address. Then add a policy with the source IP address range and attach the NAT pool to the policy.

Foundry/configure# firewall corp
Foundry/configure/firewall corp# object
Foundry/configure/firewall corp/object# nat-pool addresspoolStat static 50.1.1.1 50.1.1.3
Foundry/configure/firewall corp/object# exit
Foundry/configure/firewall corp# policy 7 out address 10.1.1.1 10.1.1.3 any any
Foundry/configure/firewall corp/policy 7 out# apply-object nat-pool addresspoolStat
Foundry/configure/firewall corp/policy 7 out# exit 2
Foundry/configure#
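
The translation described above can be modelled offline, for example to map a NAT address seen in an external log back to the internal host. This Python sketch is an added example, not Foundry code; the class and function names are hypothetical, and it assumes the pool maps addresses in order (first private address to first NAT address) and leaves sources outside the policy range untranslated.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def _ip(addr):
    return int(ipaddress.IPv4Address(addr))

class StaticNatPool:
    """One-to-one pool. Assumption: the n-th private address maps to the n-th NAT address."""

    def __init__(self, priv_start, priv_end, nat_start, nat_end):
        self.priv = (_ip(priv_start), _ip(priv_end))
        self.nat = (_ip(nat_start), _ip(nat_end))
        if self.priv[1] < self.priv[0] or self.nat[1] < self.nat[0]:
            raise ValueError("range end precedes range start")
        if self.priv[1] - self.priv[0] != self.nat[1] - self.nat[0]:
            raise ValueError("one-to-one NAT needs ranges of equal size")

    def outbound(self, pkt):
        """Substitute only the source address; the source port is untouched."""
        src = _ip(pkt.src)
        if not self.priv[0] <= src <= self.priv[1]:
            return pkt  # assumption: sources outside the policy range are not translated
        nat = ipaddress.IPv4Address(self.nat[0] + src - self.priv[0])
        return replace(pkt, src=str(nat))

    def inbound(self, pkt):
        """Map a reply sent to a NAT address back to the private host."""
        dst = _ip(pkt.dst)
        if not self.nat[0] <= dst <= self.nat[1]:
            return pkt
        priv = ipaddress.IPv4Address(self.priv[0] + dst - self.nat[0])
        return replace(pkt, dst=str(priv))

if __name__ == "__main__":
    # Ranges from Figure 15.7; 203.0.113.10 is a constructed destination address.
    pool = StaticNatPool("10.1.1.1", "10.1.1.3", "50.1.1.1", "50.1.1.3")
    print(pool.outbound(Packet("10.1.1.2", 40000, "203.0.113.10", 80)))
    print(pool.inbound(Packet("203.0.113.10", 80, "50.1.1.2", 40000)))
```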

 

Port Address Translation (Many to one)

NAT allows multiple IP addresses to be mapped to one address.

June 2004

© 2004 Foundry Networks, Inc.

Foundry Networks AR1216, AR3202-CL, AR3201-CL, AR1204, AR1208 Static NAT one to one, Port Address Translation Many to one