beautypg.com

Amer Networks E5Web GUI User Manual

Page 503

background image

Translating Both Source and Destination Address

It also possible to have two SAT rules triggering for the same connection. Although unusual, it is
possible to have one SAT rule that translates the source IP address and a separate second SAT
rule that translates the destination address.

SAT IP Rule Properties

A SAT IP rule is similar to other types of IP rules in that it triggers on a combination of source
network/interface plus destination network/interface plus service. A SAT IP rule has the following
additional properties:

SAT Translate

This specifies the address that will be changed and can be one of:

i.

Destination IP - The original destination IP will be translated.

ii.

Source IP - The original source IP will be translated.

New IP Address

The new address for the translation.

New Port

The new port number used for translation. As explained below, port translation happens
independently of address translation and follows slightly different rules.

All-to-One Mapping

This is enabled if the mapping is to be many IP addresses to a single IP address. It is not used
for port translation as all-to-one port translation is not possible.

When using an IP Policy object instead of an IP rule for SAT, the properties are slightly different
and this is discussed further in Section 7.4.7, “Using an IP Policy for SAT”.

Specifying the Type of IP Address Mapping

cOS Core recognizes the type of SAT IP address mapping using the following rules:

If the original address is a single IP address then a one-to-one mapping is always performed.
The new IP address should also be a single address. This is the most common usage of SAT.

If the original address is an IP range or network then a many-to-many mapping is always
performed unless the All to One property is enabled in which case an all-to-one mapping is
always performed.

With a many-to-many mapping, a single new IP address is specified and the mappings are
done incrementally starting from that address. If an entire network is being transposed to
another network then the new IP address should be the first address in the new network. For
example, 192.168.1.0.

An all-to-one mapping is performed if the All to One property is enabled for the SAT IP rule.
For this, the original address should be a range or network and the new address should be a
single IP address.

A SAT rule with an original, untranslated address of all-nets always results in an all-to-one
mapping.

Chapter 7: Address Translation

503

This manual is related to the following products:
See also other documents in the category Amer Networks Computer Accessories: