9-34
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 9 Configuring Network Address Translation
NAT Examples
The FWSM already has a connected route for the inside network. These static routes allow the FWSM
to send traffic for the 192.168.100.0/24 network out the dmz interface to the gateway router at 10.1.1.2.
(You need to split the network into two because you cannot create a static route with the exact same
network as a connected route.) Alternatively, you could use a more broad route for the dmz traffic, such
as a default route.
If host 192.168.100.2 on the dmz network wants to initiate a connection to host 192.168.100.2 on the
inside network, the following events occur:
1. The dmz host 192.168.100.2 sends the packet to IP address 10.1.2.2.
2. When the FWSM receives this packet, the FWSM translates the source address from 192.168.100.2
to 10.1.3.2.
3. Then the FWSM translates the destination address from 10.1.2.2 to 192.168.100.2, and the packet
is forwarded.
Redirecting Ports
Figure 9-22 illustrates a typical network scenario in which the port redirection feature might be useful.
Figure 9-22 Port Redirection Using Static PAT
In the configuration described in this section, port redirection occurs for hosts on external networks as
follows:
• Telnet requests to IP address 209.165.201.5 are redirected to 10.1.1.6
• FTP requests to IP address 209.165.201.5 are redirected to 10.1.1.3
• HTTP request to FWSM outside IP address 209.165.201.25 are redirected to 10.1.1.5
• HTTP port 8080 requests to PAT address 209.165.201.15 are redirected to 10.1.1.7 port 80
To implement this scenario, complete the following steps:
Telnet Server
10.1.1.6
209.165.201.2510.1.1.1
Inside
FTP Server
10.1.1.3
Web Server
10.1.1.5
Web Server
10.1.1.7
Outside
104678
To Next Page
Loading...
Need help?
General