Examples for Network Object NAT
Following are some configuration examples for network object NAT.
Providing Access to an Inside Web Server (Static NAT)
The following example performs static NAT for an inside web server. The real address is on a private network, so a public address is required. Static NAT is necessary so hosts can initiate traffic to the web server at a fixed address.
Procedure
Step 1 |
Create a network object for the internal web server.
|
Step 2 |
Configure static NAT for the object:
|
NAT for Inside Hosts (Dynamic NAT) and NAT for an Outside Web Server (Static NAT)
The following example configures dynamic NAT for inside users on a private network when they access the outside. Also, when inside users connect to an outside web server, that web server address is translated to an address that appears to be on the inside network.
Procedure
Step 1 |
Create a network object for the dynamic NAT pool to which you want to translate the inside addresses.
|
Step 2 |
Create a network object for the inside network.
|
Step 3 |
Enable dynamic NAT for the inside network using the dynamic NAT pool object.
|
Step 4 |
Create a network object for the outside web server.
|
Step 5 |
Configure static NAT for the web server.
|
Inside Load Balancer with Multiple Mapped Addresses (Static NAT, One-to-Many)
The following example shows an inside load balancer that is translated to multiple IP addresses. When an outside host accesses one of the mapped IP addresses, it is untranslated to the single load balancer address. Depending on the URL requested, it redirects traffic to the correct web server.
Procedure
Step 1 |
Create a network object for the addresses to which you want to map the load balancer.
|
Step 2 |
Create a network object for the load balancer.
|
Step 3 |
Configure static NAT for the load balancer applying the range object.
|
Single Address for FTP, HTTP, and SMTP (Static NAT-with-Port-Translation)
The following static NAT-with-port-translation example provides a single address for remote users to access FTP, HTTP, and SMTP. These servers are actually different devices on the real network, but for each server, you can specify static NAT-with-port-translation rules that use the same mapped IP address, but different ports.
Procedure
Step 1 |
Create a network object for the FTP server and configure static NAT with port translation, mapping the FTP port to itself.
|
Step 2 |
Create a network object for the HTTP server and configure static NAT with port translation, mapping the HTTP port to itself.
|
Step 3 |
Create a network object for the SMTP server and configure static NAT with port translation, mapping the SMTP port to itself.
|