SonicWALL Internet Security Appliances One-to-One NAT Configuration Example

Advanced Features Page 1 61

One-to-One NAT Configuration Example

This example assumes that you have a SonicWALL running in the NAT-enabled mode, with IP

addresses on the LAN in the range 192.168.1.1 - 192.168.1.254, and a WAN IP address of

208.1.2.2. Also, you o wn the IP addresses in the rang e 208.1.2.1 - 208.1.2.6.

Alert If you have only one IP address from your ISP, you cannot use One-to-One NAT.

You have three web s ervers on the LAN with the IP ad dresses of 192.168.1.10, 192.168 .1.11, and

192.168.1.12. Each of the servers must ha ve a default gatew ay pointing to 192 .168.1.1, the

SonicWALL LAN IP address.

You also have three additional IP a ddresse s from your ISP, 208. 1.2.4, 208 .1.2.5, and 208.1.2 .6,

that you want to use for three additional web servers. Use the following steps to configure One-to-

One NAT:

1. Log into the Management Interface, and click Advanced. Then click the One-to-One NAT tab.

2. Select Enable One-to -One NAT and click Update.

3. Type in the IP address, 192.168.1.10, in the Priv at e Ran ge Be gin fi el d .

4. Type in the IP address, 2 08.1.2.4, in the Public Range B egin field.

5. Type in 3 in th e Range length field.

Tip You can configure the IP addresses individually, but it is easier to configure them in a range.

However, the IP addresses on both the private and pub lic sides must be consecutive to configure a

range of addresses.

6. Click Update.

7. Click Access, then the Rules tab.

8. Click Add New Rule and configure the following settings:

•Allow

•Service - HTTP

•Source - WAN

•Destination - LAN 192.168.1.10 - 192.168.1.12

•Apply this rule - always

9. Click Update and restart the SonicWALL.

The server configurations take effect after the SonicWALL restar ts and th e configu ration is updated.

Requests for http://208.1.2.4 are answered by the server at 192.168.1.10. Requests for

http://208.1.2.5 are ans wer ed by the se rver at 1 92.16 8.1.1 1, a nd r equest s fo r htt p://2 08.1. 2.6

are answered by the server at 1 92.168.1.12. From the LAN, the servers can onl y be accessed using

the private IP addresses (192 .168 .1. x), not t he p ubli c IP ad dr esse s or domai n n ames . For examp le ,

from the LAN, you must use URLs like http://192.168.1.10 to reach the web servers. An IP address,

such as 192.168.1.10, on the LAN ca nn o t b e us ed in both public LAN server configurations and in

public LAN server One-to-One NAT configurations.