Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

53-1003250-01
Configuring NAT
The Brocade Virtual ADX is connected to the Internet through a router. The outside interface of the
Brocade Virtual ADX has a global IP address of 192.168.1.1. The Brocade Virtual ADX also has a
pool of global IP addresses, which are used to map internal IP addresses.
The following are the minimum required commands for a dynamic NAT configuration.
1. Identify an internal and external interface on the Brocade Virtual ADX. In this example,
Ethernet 2 and 1 are used.
int eth 2
int eth 1
2. Assign IP addresses to the interfaces and define the outside and inside boundaries of the NAT
mechanism.
Virtual ADX(config)#int eth 2
Virtual ADX(config-if-e10000-2)#ip address 192.168.1.1/24
Virtual ADX(config-if-e10000-2)#ip nat outside
Virtual ADX(config-if-e10000-2)#int eth 1
Virtual ADX(config-if-e10000-1)#ip address 10.10.10.1/24
Virtual ADX(config-if-e10000-1)#ip nat inside
On Router (R) code, enable NAT on interfaces (both ip nat inside and outside should be
enabled). The interfaces can also be physical interfaces (not necessarily virtual interfaces).
Virtual ADX(config-ve-2)#ip nat inside
Virtual ADX(config-ve-3)#ip nat outside
3. Configure a numbered ACL and permit the IP addresses on the inside. Then define the global
address pool and enable dynamic NAT.
Virtual ADX(config)#access-list 101 permit ip 10.10.1.0/24 any
Virtual ADX(config)#ip nat pool global_pool 192.168.1.2 192.168.1.254 prefix-length 24
Make sure you specify permit in the ACL, rather than deny. If you specify deny, the Brocade
Virtual ADX will not provide NAT for the addresses.
4. Tie the inside source list to the global pool and enable PAT (overload) to send traffic out the
external interface.
Virtual ADX(config)#ip nat inside source list 101 pool global_pool
5. Use rconsole to connect to the BP and verify that the translation is working correctly.
rconsole x/x
show ip nat statistic
show ip nat translation
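
The pre-deployment check below is an added example, not part of the Brocade guide and not Brocade tooling. It reads the commands as typed in steps 1 through 4 and reports the mistakes the procedure warns about: a missing inside or outside interface, an ACL without a permit entry, and a source list bound to an undefined ACL or pool. The function name `audit_nat` and the BROKEN sample are constructed for illustration.

```python
import re

def audit_nat(config: str) -> list[str]:
    """Return findings for a dynamic NAT command list; empty means all checks pass."""
    sides, pools, acls, bindings = set(), set(), {}, []
    for raw in config.splitlines():
        line = raw.split("#", 1)[-1].strip()   # drop the CLI prompt if present
        if m := re.fullmatch(r"ip nat (inside|outside)", line):
            sides.add(m[1])                    # interface NAT boundary (step 2)
        elif m := re.match(r"access-list (\d+) (permit|deny)\b", line):
            acls.setdefault(m[1], []).append(m[2])
        elif m := re.match(r"ip nat pool (\S+)", line):
            pools.add(m[1])
        elif m := re.match(r"ip nat inside source list (\d+) pool (\S+)", line):
            bindings.append((m[1], m[2]))
    findings = [f"no interface has 'ip nat {s}'"
                for s in ("inside", "outside") if s not in sides]
    if not bindings:
        findings.append("no 'ip nat inside source list' binding")
    for acl, pool in bindings:
        if acl not in acls:
            findings.append(f"ACL {acl} is referenced but not defined")
        elif "permit" not in acls[acl]:        # deny-only ACL: no NAT is provided
            findings.append(f"ACL {acl} has no permit entry")
        if pool not in pools:
            findings.append(f"pool {pool} is referenced but not defined")
    return findings

# The commands from steps 2-4 above, exactly as typed at the prompt.
PAGE_CONFIG = """\
Virtual ADX(config)#int eth 2
Virtual ADX(config-if-e10000-2)#ip address 192.168.1.1/24
Virtual ADX(config-if-e10000-2)#ip nat outside
Virtual ADX(config-if-e10000-2)#int eth 1
Virtual ADX(config-if-e10000-1)#ip address 10.10.10.1/24
Virtual ADX(config-if-e10000-1)#ip nat inside
Virtual ADX(config)#access-list 101 permit ip 10.10.1.0/24 any
Virtual ADX(config)#ip nat pool global_pool 192.168.1.2 192.168.1.254 prefix-length 24
Virtual ADX(config)#ip nat inside source list 101 pool global_pool
"""
# Constructed broken variant: deny ACL, no pool defined, no outside interface.
BROKEN = """\
Virtual ADX(config-if-e10000-1)#ip nat inside
Virtual ADX(config)#access-list 101 deny ip 10.10.1.0/24 any
Virtual ADX(config)#ip nat inside source list 101 pool global_pool
"""

print(audit_nat(PAGE_CONFIG), audit_nat(BROKEN), sep="\n")
```

An empty list for the page's commands means the structural checks pass; it does not replace the on-device verification in step 5.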