User guide
NAT command reference Network address translation - NAT
iMG/RG Software Reference Manual (IPNetwork Functions)
Description The NAT ENABLE command creates an IP address for the outside security interface;
however, you may want to use more than one outside IP address. For example, if your ISP
provides multiple IP addresses, you might want to map an outside address to an inside
interface that is your web server, and map another outside address to an inside interface
that is your mail server.
Note: Before you can add a Global Address Pool, you must enable a NAT object using the command NAT ENABLE.
This command creates a pool of outside network addresses. A Network Address Pool is a
range of IP addresses that is visible outside your network. NAT translates packets
between the outside addresses and the inside interfaces that each address is mapped to.
There are two ways to specify a range of IP addresses:
• Specify the interfacename IP address and a subnet mask address
• Specify the interfacename IP address that represents the first address in the range,
then specify the last address in the range
If you want to map IP addresses to individual hosts on an inside interface type, you can
use the command NAT ADD RESVMAP GLOBALIP.
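The following pre-flight check is an added example, not part of the original manual or the device software: it normalizes both ways of specifying a range into first/last addresses, applies the pool naming rule from the Options table, and reports pools whose outside addresses overlap. It assumes the subnet mask form covers the whole subnet containing the given address; the function names, pool names and addresses are constructed for illustration.

```python
import ipaddress
import re

# Naming rule from the Options table: letters, or letters and digits,
# and the name cannot start with a digit.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9]*\Z")

def range_from_mask(ip, mask):
    """Form 1: IP address plus subnet mask.
    Assumption: the pool spans the whole subnet that contains ip."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return net[0], net[-1]

def range_from_last(first, last):
    """Form 2: first address in the range plus last address in the range."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo.version != hi.version or hi < lo:
        raise ValueError(f"bad range {first}-{last}")
    return lo, hi

def check_pools(plan):
    """plan: list of (name, (first, last)). Returns a list of problem strings."""
    problems = []
    for name, _ in plan:
        if not NAME_RE.match(name):
            problems.append(f"invalid pool name: {name}")
    # Compare every pair of pools once and report the shared addresses.
    for i, (n1, (a1, b1)) in enumerate(plan):
        for n2, (a2, b2) in plan[i + 1:]:
            if a1 <= b2 and a2 <= b1:
                problems.append(
                    f"{n1} overlaps {n2}: {max(a1, a2)}-{min(b1, b2)}")
    return problems

# Constructed sample plan (documentation address space, hypothetical names).
PLAN = [
    ("webpool", range_from_mask("203.0.113.10", "255.255.255.248")),
    ("mailpool", range_from_last("203.0.113.12", "203.0.113.20")),
    ("2ndpool", range_from_last("203.0.113.32", "203.0.113.35")),
]

if __name__ == "__main__":
    for problem in check_pools(PLAN):
        print(problem)
```

Running the check against the planned pools before entering them on the device shows which outside addresses would be claimed by more than one pool.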
Options The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).
Option         Description                                                       Default Value
name           An arbitrary name that identifies a global network address or     N/A
               pool of addresses. It can be made up of one or more letters or
               a combination of letters and digits, but it cannot start with a
               digit.
interfacename  The name of an existing security interface (external or DMZ)      N/A
               created and connected to an inside interface (DMZ or internal)
               using the nat enable command. To display security interfaces,
               use the SECURITY LIST INTERFACES command.
internal       Maps the IP addresses to the internal interface type inside the   N/A
               network.
dmz            Maps the global addresses to the DMZ interface type inside the    N/A
               network.
ipaddress      The IP address of the interfacename that is visible outside the   N/A
               network.