
Many-to-many ip translation – Amer Networks E5Web GUI User Manual


Original Destination Address    Translated Destination Address
194.1.2.19                      192.168.0.53
194.1.2.20                      192.168.0.54
194.1.2.21                      192.168.0.55
194.1.2.22                      192.168.0.56
194.1.2.23                      192.168.0.57

These translations will mean:

Attempts to communicate with 194.1.2.16 will result in a connection to 192.168.0.50.

Attempts to communicate with 194.1.2.22 will result in a connection to 192.168.0.56.

An example of an application for this feature is when there are several protected servers in a
DMZ, and each server is to be accessible using a unique public IPv4 address.

Example 7.5. Many-to-Many IP Translation

In this example, a SAT IP rule will translate from five public IPv4 addresses to five web servers
located in a DMZ. The security gateway is connected to the Internet via the wan interface and the
public IPv4 addresses are the range 195.55.66.77 to 195.55.66.81. The web servers have the
private IPv4 address range 10.10.10.5 to 10.10.10.9 and are on the network connected to the dmz
interface.

The following steps need to be performed:

Define an address object containing the public IPv4 addresses.

Define another address object for the base of the web server IP addresses.

Publish the public IPv4 addresses on the wan interface using the ARP publish mechanism.

Create a SAT rule that will perform the translation.

Create an Allow rule that will permit the incoming HTTP connections.

Since the five public IPv4 addresses are being ARP published, these addresses are not routed
on core, so the SAT destination interface is wan and not core.

Command-Line Interface

Create an address object for the public IPv4 addresses:

Device:/> add Address IP4Address wwwsrv_pub Address=195.55.66.77-195.55.66.81

Now, create another object for the base of the web server IP addresses:

Device:/> add Address IP4Address wwwsrv_priv_base Address=10.10.10.5

Publish the public IPv4 addresses on the wan interface using ARP publish. One ARP item is
needed for every IP address:

Device:/> add ARP Interface=wan IP=195.55.66.77 mode=Publish

Repeat this for all the five public IPv4 addresses.
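
The offset-from-base mapping and the per-address ARP items described above, as an added Python example that is not part of the manual. The function names and the 10.10.10.0/24 DMZ prefix are assumptions; the ARP command text follows the form shown above. It can be used to review which internal hosts a many-to-many SAT range will expose before the rule is created.

```python
import ipaddress

def expand_range(spec):
    """Expand 'first-last', the range form used for wwwsrv_pub, into addresses."""
    first, last = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-"))
    if last < first:
        raise ValueError(f"range end {last} precedes range start {first}")
    return [ipaddress.IPv4Address(n) for n in range(int(first), int(last) + 1)]

def sat_map(public_range, private_base, dmz_net):
    """Map each public address to private_base + its offset in the range.

    Raises ValueError if a translated address leaves dmz_net, which would
    mean the rule reaches a host outside the intended server network.
    """
    base = ipaddress.IPv4Address(private_base)
    net = ipaddress.IPv4Network(dmz_net)
    mapping = {}
    for offset, pub in enumerate(expand_range(public_range)):
        priv = base + offset
        if priv not in net:
            raise ValueError(f"{pub} would translate to {priv}, outside {net}")
        mapping[str(pub)] = str(priv)
    return mapping

def arp_publish_commands(public_range, interface="wan"):
    """One ARP item per public address, in the command form the manual shows."""
    return [f"add ARP Interface={interface} IP={ip} mode=Publish"
            for ip in expand_range(public_range)]

if __name__ == "__main__":
    PUBLIC = "195.55.66.77-195.55.66.81"   # wwwsrv_pub
    BASE = "10.10.10.5"                    # wwwsrv_priv_base
    DMZ = "10.10.10.0/24"                  # assumed prefix, not given in the manual
    for pub, priv in sat_map(PUBLIC, BASE, DMZ).items():
        print(f"{pub} -> {priv}")
    for cmd in arp_publish_commands(PUBLIC):
        print(cmd)
```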

Chapter 7: Address Translation
