CHAPTER 10: Configuring One-to-One NAT

S

S

9

4Enter the beginning IP address of the valid address range being mapped in the Public Range Begin field. This address should be assigned by your ISP and be in the same logical subnet as the NAT public IP address.

Alert: Do not include the SonicWALL security appliance WAN IP (NAT Public) Address or the WAN Gateway (Router) Address in this range.

5Enter the number of public IP addresses that should be mapped to private addresses in the Range Length field. The range length can not exceed the number of valid IP addresses. Up to 64 ranges can be added. To map a single address, enter a Range Length of 1.

6Click OK.

7Click Apply. Once the SonicWALL security appliance has been updated, a message confirming the update is displayed at the bottom of the browser window.

Alert: One-to-One NAT maps valid, public IP addresses to private LAN or OPT IP addresses. It does not allow traffic from the Internet to the private LAN.

Tip: After One-to-One NAT is configured, create an Allow rule to permit traffic from the Internet to the private IP address(es) on the LAN or OPT.

To edit an existing entry in the One-to-One Network Address Translation (NAT) Ranges, click the edit

icon. To delete an entry, click the delete

icon. To delete all entries, click Delete All.

One-to-One NAT Configuration Example

This example assumes that you have a SonicWALL security appliance running in the NAT-enabled mode, with IP addresses on the LAN in the range 192.168.1.1 - 192.168.1.254, and a WAN IP address of 208.1.2.2. Also, you own the IP addresses in the range 208.1.2.1 - 208.1.2.6.

SAlert: If you have only one IP address from your ISP, you cannot use One-to-One NAT.

You have three web servers on the LAN with the IP addresses of 192.168.1.10, 192.168.1.11, and 192.168.1.12. Each of the servers must have a default gateway pointing to 192.168.1.1, the SonicWALL security appliance LAN IP address.

You also have three additional IP addresses from your ISP, 208.1.2.4, 208.1.2.5, and 208.1.2.6, that you want to use for three additional web servers. Use the following steps to configure One-to-One NAT:

1Select Enable One-to-One NAT.

2Click Add. The Add NAT Entry window is displayed

3Enter in the IP address, 192.168.1.10, in the Private Range Begin field.

4Enter in the IP address, 208.1.2.4, in the Public Range Begin field.

5Enter in 3 in the Range Length field.

9Tip: You can configure the IP addresses individually, but it is easier to configure them in a range. However, the IP addresses on both the private and public sides must be consecutive to configure a range of addresses.

6Click OK.

7Click Apply.

8Click Firewall, then Access Rules.

9Click Add.

82

SONICWALL SONICOS STANDARD 3.0 ADMINISTRATORS GUIDE

Page 100 Page 102
Page 101
Image 101
SonicWALL 3 manual One-to-One NAT Configuration Example, Select Enable One-to-One NAT, Click Firewall, then Access Rules
Page 100 Page 102
Top Page Image Contents