Configuring nat, Configuring static nat – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

Page 72

background image

60

Brocade Virtual ADX Security Guide

53-1003250-01

Configuring NAT

4

Configuring NAT

The following types of NAT are supported:

Static NAT — Maps a specific global IP address (Internet IP address) with a specific private
address. Static translation ensures the software always maps the same public address to a
given private address. For example, you can map 10.1.1.1 to 192.168.1.1. Use static NAT when
you want a specific host in the private network to always use the same Internet address when
communicating outside the private network. Virtual ADX supports both inside to outside
network translation and outside to inside network Nat translation.

Dynamic NAT — Maps private addresses to Internet addresses. The Internet addresses come
from a pool of addresses that you configure. For example, you can dynamically translate the
global pool 192.168.1.10 - 19 to private pool 10.1.1.1 - 254. In

Figure 3

, the pool is the range

of addresses from 192.168.1.2/24 – 192.168.1.254/24. With dynamic NAT, the software
uses a round robin technique to select a global IP address to map to a private address from a
pool you configure.
Dynamic NAT uses Port Address Translation (PAT). Otherwise, the return traffic cannot be
reliably de-multiplexed to the correct internal client.

NOTE

You can configure both dynamic and static NAT on the same device. When you configure both types
of NAT, static NAT takes precedence over dynamic NAT. Thus, if you configure a static NAT translation
for a private address, the Brocade Virtual ADX always uses that translation instead of creating a
dynamic one.

NOTE

The Brocade Virtual ADX supports IP NAT with an overlapping IP address between a NAT public IP
and SLB VIP addresses only if the inside NAT clients are real servers bound to the VIP address. If you
unbind the real servers, this NAT is not supported. The inside NAT clients are no longer real servers
after they are unbound from the VIP address and the outside NAT IP address overlaps the VIP IP
address.

The Brocade Virtual ADX only supports NAT for non-real servers as inside NAT clients if the public IP
address does not overlap with any VIP in the configuration.

Configuring static NAT

Use the ip nat inside source static command to explicitly map a private address to an Internet
address. Static NAT ensures a specific host in the private network is always mapped to the Internet
address you specify.

To map a private address 10.10.10.69 to an Internet address 192.168.1.69, enter the command
such as the following.

Virtual ADX(config)#ip nat inside source static 10.10.10.69 192.168.1.69

Syntax: [no] ip nat inside source static private-ip global-ip [priority] list [acl-id]

The private-ip variable specifies the private IP address.

The global-ip variable specifies the IP address. The Brocade Virtual ADX supports up to 255 global
IP addresses.

See also other documents in the category Brocade Computer Accessories: