17-32
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 17 Applying NAT
NAT Examples
See the “Configuring Dynamic NAT or PAT” section on page 17-22 for information about the other
options.
By default, this command exempts traffic from inside to outside. If you want traffic from outside to
inside to bypass NAT, then add an additional nat command and enter outside to identify the NAT
instance as outside NAT. You might want to use outside NAT exemption if you configure dynamic NAT
for the outside interface and want to exempt other traffic.
For example, to exempt an inside network when accessing any destination address, enter the following
command:
hostname(config)# access-list EXEMPT permit ip 10.1.2.0 255.255.255.0 any
hostname(config)# nat (inside) 0 access-list EXEMPT
To use dynamic outside NAT for a DMZ network, and exempt another DMZ network, enter the following
command:
hostname(config)# nat (dmz) 1 10.1.2.0 255.255.255.0 outside dns
hostname(config)# global (inside) 1 10.1.1.45
hostname(config)# access-list EXEMPT permit ip 10.1.3.0 255.255.255.0 any
hostname(config)# nat (dmz) 0 access-list EXEMPT
To exempt an inside address when accessing two different destination addresses, enter the following
commands:
hostname(config)# access-list NET1 permit ip 10.1.2.0 255.255.255.0 209.165.201.0
255.255.255.224
hostname(config)# access-list NET1 permit ip 10.1.2.0 255.255.255.0 209.165.200.224
255.255.255.224
hostname(config)# nat (inside) 0 access-list NET1
NAT Examples
This section describes typical scenarios that use NAT solutions, and includes the following topics:
• Overlapping Networks, page 17-33
• Redirecting Ports, page 17-34
To Next Page
Loading...
Need help?
General