Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 9 Configuring Network Address Translation
match, more exclusive nat statements are matched before general statements. The following example
shows the Telnet static statement, the more exclusive nat statement for initiated traffic from the Telnet
server, and the statement for other inside hosts, which uses a different global address.
FWSM/contexta(config)# static (inside,outside) tcp 10.1.2.14 telnet 10.1.1.15 telnet netmask 255.255.255.255
FWSM/contexta(config)# nat (inside) 1 10.1.1.15 255.255.255.255
FWSM/contexta(config)# global (outside) 1 10.1.2.14
FWSM/contexta(config)# nat (inside) 2 10.1.1.0 255.255.255.0
FWSM/contexta(config)# global (outside) 2 10.1.2.78
To translate a well-known port (80) to another port (8080), enter the following command:
FWSM/contexta(config)# static (inside,outside) tcp 10.1.2.45 80 10.1.1.16 8080 netmask 255.255.255.255
Bypassing NAT
You can bypass NAT using identity NAT, static identity NAT, or NAT exemption. See the “Bypassing
NAT” section on page 9-7 for more information about these methods. This section includes the following
topics:
• Configuring Identity NAT, page 9-29
• Configuring Static Identity NAT, page 9-30
• Configuring NAT Exemption, page 9-31
Configuring Identity NAT
Identity NAT translates the local IP address to the same IP address, and only local traffic can originate
connections. (For same security level interfaces, hosts connected to any interface on the same security
level can initiate traffic.)
Figure 9-18 shows a typical identity NAT scenario.
Figure 9-18 Identity NAT
Note If you change the NAT configuration, and you do not want to wait for existing translations to time out
before the new NAT information is used, you can clear the translation table using the clear xlate
command. However, clearing the translation table disconnects all current connections.
To configure identity NAT, enter the following command:
FWSM/contexta(config)# nat (local_interface) 0 local_ip [mask [dns] [outside | [norandomseq] [[tcp] tcp_max_conns [emb_limit]] [udp udp_max_conns]]]
[Figure 9-18 diagram: the FWSM sits between the Inside and Outside interfaces; inside host 209.165.201.1 appears on the outside as 209.165.201.1, and outside host 209.165.201.2 appears on the inside as 209.165.201.2.]
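As an added illustration written for this section (it is not code from the FWSM guide or from Cisco), the following Python model applies the matching order described above: static statements first, then the more exclusive nat statement before the general one, with nat 0 meaning identity NAT. It loads the page's static, nat and global commands as constructed data, adds a hypothetical 10.1.3.0/24 subnet under nat 0, and does not model access-list based policy NAT or NAT exemption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed model of the matching order described on this page: static
# statements are matched first, then a more exclusive nat statement (longer
# mask) before a general one. Illustrative only; not FWSM code.

@dataclass
class StaticRule:
    real_ip: ipaddress.IPv4Address
    mapped_ip: ipaddress.IPv4Address
    real_port: Optional[int] = None    # None = whole-host static
    mapped_port: Optional[int] = None

@dataclass
class NatRule:
    real_net: ipaddress.IPv4Network
    nat_id: int                        # 0 = identity NAT (address unchanged)

# Constructed configuration mirroring the commands on this page, plus a
# hypothetical 10.1.3.0/24 subnet under identity NAT (nat 0).
STATICS = [
    StaticRule(ipaddress.IPv4Address("10.1.1.15"), ipaddress.IPv4Address("10.1.2.14"), 23, 23),
    StaticRule(ipaddress.IPv4Address("10.1.1.16"), ipaddress.IPv4Address("10.1.2.45"), 8080, 80),
]
NATS = [
    NatRule(ipaddress.IPv4Network("10.1.1.15/32"), 1),
    NatRule(ipaddress.IPv4Network("10.1.1.0/24"), 2),
    NatRule(ipaddress.IPv4Network("10.1.3.0/24"), 0),
]
GLOBALS = {1: "10.1.2.14", 2: "10.1.2.78"}   # global (outside) pools by nat_id

def resolve(real_ip: str, port: Optional[int] = None) -> Tuple[str, Optional[int], str]:
    """Return (mapped_ip, mapped_port, rule) for a connection initiated from the inside."""
    ip = ipaddress.IPv4Address(real_ip)
    # 1. static statements win; a port static applies only to its real port
    for s in STATICS:
        if s.real_ip == ip and (s.real_port is None or s.real_port == port):
            mapped_port = s.mapped_port if s.real_port is not None else port
            return str(s.mapped_ip), mapped_port, "static"
    # 2. nat statements: the most exclusive (longest prefix) match is used
    candidates = sorted((r for r in NATS if ip in r.real_net),
                        key=lambda r: r.real_net.prefixlen, reverse=True)
    if candidates:
        n = candidates[0]
        if n.nat_id == 0:
            return real_ip, port, "nat 0 (identity)"
        return GLOBALS[n.nat_id], port, f"nat {n.nat_id}"
    return real_ip, port, "no translation"
```

Running resolve("10.1.1.15", 23) selects the Telnet static, while resolve("10.1.1.15", 443) falls through to nat 1 and any other 10.1.1.0/24 host to nat 2, which is the precedence the example above relies on.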