Standard nat, Double nat – Allied Telesis AR300 series User Manual

20

Release Note

Software Release 2.3.1

C613-10325-00 REV B

Figure 5: Using enhanced NAT in an IPsec tunnel with different IPsec and default gateways.

Standard NAT

To translate the source address of traffic received on the private interface eth0
and destined for addresses in the range 210.25.4.1-210.25.4.99 to the global
subnet 210.25.4.0, use the command:

ADD FIREWALL POLICY=zone1 RULE=10 ACTION=NAT NATTYPE=STANDARD

INT=eth0 PROTOCOL=all GBLIP=210.25.4.0

NATMASK=255.255.255.0 REMOTEIP=210.25.4.1-210.25.4.99

To provide a corresponding rule on the public interface eth1 to translate to the
private subnet 10.1.2.0, use the command:

ADD FIREWALL POLICY=zone1 RULE=11 ACTION=NAT NATTYPE=STANDARD

INT=eth1 PROTOCOL=all GBLIP=210.25.4.0 IP=10.1.2.0

NATMASK=255.255.255.0 REMOTEIP=210.25.4.1-210.25.4.99

Double NAT

To translate both the source and destination addresses of traffic received on the
private interface with a source address of 192.168.0.74 to a destination address
of 210.25.7.1 and new source address of 210.25.4.1, use the command:

ADD FIREWALL POLICY=zone1 RULE=50 ACTION=NAT NATTYPE=DOUBLE

INT=eth1 PROTOCOL=all IP=192.168.0.74 GBLIP=210.25.4.1

GBLREMOTEIP=210.25.7.1

LAN 2

192.168.1.1 - 192.168.1.100

A

L
L

F

I

R
E

W

NAT

Private interface:
192.168.2.100

LAN 1

192.168.2.0 subnet

Internet

Default

gateway

IPsec

gateway

IPsec tunnel

192.168.1.53

Apparent source host

FW-FG1