Setting nat rules, Static, Dynamic – Cabletron Systems SMARTSWITCH ROUTER 9032578-05 User Manual

Page 247: Forcing flows through nat, Static dynamic

SmartSwitch Router User Reference Manual

Chapter 16: Network Address Translation Configuration Guide

Setting NAT Rules

Static

You create NAT static bindings by entering the following command in Configure mode.

Dynamic

You create NAT dynamic bindings by entering the following command in Configure
mode.

For dynamic address bindings, you define the address pools with previously created
ACLs. You can also specify the enable-port-overload parameter to allow PAT.

Forcing Flows through NAT

If a host on the outside global network knows an inside local address, it can send a
message directly to the inside local address. By default, the SSR will route the message to
the destination. You can force all flows between the inside local pool and the outside
global network to be translated. This prevents a host on the outside global network from
sending messages directly to any address in the local address pool.

You force address translation of all flows to and from the inside local pool by entering the
following command in Configure mode.

Enable NAT with static address binding.

nat create static protocol ip|tcp|udp local-ip global-ip [local-port |any] [global-port |any]

Enable NAT with dynamic address binding.

nat create dynamic local-acl-pool acl> global-pool addr-list/ip-addr-mask> [matches-interface ] [enable-ip-overload]

Force all flows to and from local address pool to be translated.

nat set secure-plus on|off
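
The following audit check is an added example, not part of the manual or of any Cabletron tool. It flags a configuration that creates NAT bindings but never turns on forced translation, the case described under Forcing Flows through NAT. The sample configurations, their addresses, the ACL name "lcl", the one-command-per-line layout, and the "last setting wins" rule are assumptions made for illustration.

```python
import re

# Constructed sample configurations (not taken from the manual). Addresses
# and the ACL name "lcl" are illustrative values only.
CONFIG_EXPOSED = """\
nat create static protocol ip local-ip 10.1.1.2 global-ip 192.0.2.2
nat create dynamic local-acl-pool lcl global-pool 192.0.2.16/28
"""
CONFIG_FORCED = CONFIG_EXPOSED + "nat set secure-plus on\n"
CONFIG_REVERTED = CONFIG_FORCED + "nat set secure-plus off\n"

NAT_CREATE = re.compile(r"^nat\s+create\s+(static|dynamic)\b")
SECURE_PLUS = re.compile(r"^nat\s+set\s+secure-plus\s+(on|off)\s*$")


def audit_nat(config_text):
    """Return (bindings, secure_plus_on, findings) for one configuration."""
    bindings = []
    # The manual states that by default untranslated messages are routed,
    # so the check starts from "off" until a secure-plus line says otherwise.
    secure_plus = "off"
    for raw in config_text.splitlines():
        line = raw.strip()
        if NAT_CREATE.match(line):
            bindings.append(line)
        match = SECURE_PLUS.match(line)
        if match:
            secure_plus = match.group(1)  # assumption: the last setting wins
    findings = []
    if bindings and secure_plus != "on":
        findings.append(
            "%d NAT binding(s) defined but secure-plus is not on: outside "
            "hosts that know an inside local address are routed to it "
            "untranslated" % len(bindings)
        )
    return bindings, secure_plus == "on", findings


if __name__ == "__main__":
    for name, cfg in [("exposed", CONFIG_EXPOSED), ("forced", CONFIG_FORCED),
                      ("reverted", CONFIG_REVERTED)]:
        _, enabled, findings = audit_nat(cfg)
        print(name, "secure-plus on" if enabled else "secure-plus off",
              findings or "no findings")
```
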