9-10
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 9 Configuring Network Address Translation
NAT Overview
static NAT translation that translates the local address only for traffic to and from the 209.165.201.0/27
network. A translation does not exist for the 209.165.200.224/27 network, so the local host cannot
connect to that network, nor can a host on that network connect to the local host.
Figure 9-5 Policy Static NAT with Destination Address Translation
Note Policy NAT does not support SQL*Net, but it is supported by regular NAT. See the “Inspection Engine
Overview” section on page 13-1 for information about NAT support for other protocols.
Note The number of access control entries (ACEs) used in policy NAT statements is limited. See the
“Maximum Number of ACEs” section on page 10-7 for information about limits on certain types of
rules.
Outside NAT
When hosts on a lower security interface (outside) access hosts on a higher security interface (inside),
you do not have to perform NAT on the outside hosts. (See the “Configuring Interfaces” section on
page 6-6 for more information about security levels.) You can, however, optionally configure NAT on
outside interfaces so that the outside host address is translated. Because the inside host is also typically
translated using a static NAT statement, both host addresses are translated.
209.165.201.11 209.165.200.225
FWSM
DMZ
Inside
No Translation
10.1.2.27
10.1.2.27
10.1.2.0/24
209.165.201.0/27 209.165.200.224/27
Dest. Addr Translation
209.165.202.129
114762
To Next Page
Loading...
Need help?
General