IP Setup and Network Address Translation 9-5
In order to support this type of mapping, you define two address ranges. First, you define a public range which
contains the first and last public address to be used and the way in which these addresses should be used
(PAT, static, or dynamic). You then configure an address map which defines the private IP address or addresses
to be used and which public range they should be mapped to. You add the address map to the list of address
maps which are configured, creating a Map List. The mappings in the Map List are order-dependent and are
compared in order from the top of the list to the bottom. If a particular resource is not available, subordinate
mappings can be defined that will redirect traffic.
Additional Features
■Multiple public addresses, none of which have to be the same as the Connection Profile WAN IP address.
Any public addresses not associated with the Connection Profile WAN IP address must have a static route
pointing to it from a router on the public network if public users are expected to be able to access the
NATed machines or services.
■Default PAT to a DHCP- or PPP-assigned address.
■1:1 Dynamically Assigned NAT Mapping. This allows internal addresses to be temporarily assigned a public
IP address to use for NAT. When the private host is finished communicating, the public IP address is made
available for use by other internal hosts again.
■1-to-1 static NAT mapping.
An internal private address is permanently mapped to an external address. TCP and UDP port addresses
are not altered.
■Multiple Many-to-1 PAT mappings on a single interface.
PAT addresses may be assigned to specific private address subnets; not all internal machines need to be
included on a PAT mapping list.
■Coexistent mapped and unmapped traffic on a public interface.
If the router's IP address is not included in a NAT list, it will be invisible to the external network.
■Mapped services (exports) may use multiple public addresses.
■NAT maps per WAN interface, similar to the filter rules.
Private Addresses IP HostPublic Addresses NAT Type
192.168.1.253
192.168.1.254
206.1.1.1
206.1.1.2
206.1.1.3
206.1.1.4
1:1 Static
1:1 Static
206.1.1.5
206.1.1.6
192.168.1.1 – 252
192.168.1.1 – 252
Web/FTP Server
Email Server
1:1 Dynamic
1:1 Dynamic
LAN Users
LAN Users
206.1.2.1 – 6 LAN Users
1:Many PAT
(possible later)
192.168.1.1
}192.168.1.1 – 252