Technical data

ServerIron ADX NAT64 Configuration Guide 111
53-1002444-02
Configuring NAT
7
DRAFT: BROCADE CONFIDENTIAL
Configuring static NAT
Use the ip nat inside source static command to explicitly map a private address to a global address.
Static NAT ensures a specific host in the private network is always mapped to the global address
you specify. For a sample static NAT configuration, see “Static NAT configuration example” on
page 116.
For example, to map a private address 10.10.10.69 to a global address 209.157.1.69, you may
enter the following command.
ServerIronADX(config)# ip nat inside source static 10.10.10.69 209.157.1.69
Syntax: [no] ip nat inside source static <private-ip> <global-ip> [<priority>] [list <acl-id>]
The <private-ip> variable specifies the private IP address.
The <global-ip> variable specifies the global IP address. The ServerIron ADX supports up to 192
global IP addresses with static NAT.
The <priority> variable specifies a value of 1 or 2 and enables static NAT redundancy. A value of 2
means higher priority; the system configured with it is the owner of the NAT IP as long as that system is up.
The list parameter specifies the access list identified by the <acl-id> variable that will permit only
the configured TCP or UDP port numbers.
NOTE
You can configure a maximum of 192 static NAT entries on the ServerIron ADX.
NOTE
Static NAT requires unused virtual servers for its operation. For every static NAT entry, two virtual
server entries have to be present. The command show server resource will show the current number
of unused virtual server entries. The command system-max l4-virtual-server can be used to increase
the virtual server entries if required.
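The following is an added example, not part of the Brocade guide: a Python audit of static NAT lines against the rules stated on this page (documented syntax, priority 1 or 2, the 192-entry limit, two virtual server entries per static entry, and the numbered-ACL note). The function name audit_static_nat, the sample lines, and the unused_virtual_servers argument (the figure an operator reads from show server resource) are assumptions.

```python
import ipaddress
import re

MAX_STATIC = 192  # page: at most 192 static NAT entries / global IPs
# Page syntax: ip nat inside source static <private-ip> <global-ip> [<priority>] [list <acl-id>]
STATIC_RE = re.compile(
    r"^\s*ip nat inside source static (\S+) (\S+)(?: (\d+))?(?: list (\S+))?\s*$")

# Constructed sample configuration lines (not taken from the guide).
SAMPLE = """\
ip nat inside source static 10.10.10.69 209.157.1.69
ip nat inside source static 10.10.10.70 209.157.1.70 2 list 101
ip nat inside source static 10.10.10.71 209.157.1.71 3
ip nat inside source static 10.10.10.72 209.157.1.72 list web
"""

def audit_static_nat(config_text, unused_virtual_servers=None):
    """Return (entries, findings) for the static NAT lines in config_text."""
    entries, findings, seen_private = [], [], set()
    for n, line in enumerate(config_text.splitlines(), 1):
        if "ip nat inside source static" not in line or line.lstrip().startswith("no "):
            continue
        m = STATIC_RE.match(line)
        if not m:
            findings.append(f"line {n}: does not match the documented syntax")
            continue
        private, global_, prio, acl = m.groups()
        try:
            ipaddress.IPv4Address(private)
            ipaddress.IPv4Address(global_)
        except ValueError:
            findings.append(f"line {n}: invalid IPv4 address")
            continue
        if prio is not None and prio not in ("1", "2"):
            findings.append(f"line {n}: priority must be 1 or 2, got {prio}")
        if acl is None:  # without list <acl-id> the mapping is not limited to set ports
            findings.append(f"line {n}: no list <acl-id>, {global_} is not port-restricted")
        elif not acl.isdigit():  # page note: named ACLs are not supported with NAT
            findings.append(f"line {n}: named ACL '{acl}', use a numbered ACL")
        if private in seen_private:
            findings.append(f"line {n}: {private} already has a static mapping")
        seen_private.add(private)
        entries.append((private, global_, prio, acl))
    if len(entries) > MAX_STATIC:
        findings.append(f"{len(entries)} entries exceed the limit of {MAX_STATIC}")
    needed = 2 * len(entries)  # page: two virtual server entries per static NAT entry
    if unused_virtual_servers is not None and needed > unused_virtual_servers:
        findings.append(f"need {needed} unused virtual servers, have {unused_virtual_servers}")
    return entries, findings
```

Calling audit_static_nat(SAMPLE, unused_virtual_servers=6) reports the out-of-range priority, the named ACL, the two mappings without an ACL, and the virtual server shortfall.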
Configuring dynamic NAT
To configure dynamic NAT, perform the following tasks:
• Configure a standard or extended access control list (ACL) for each private address range for
which you want to provide NAT. For ACL configuration details, refer to “Configuring rule-based
ACLs” on page 65.
NOTE
Named ACLs are not supported with NAT. You must use a numbered ACL.
• Configure a pool for each range of consecutive global addresses, which are dynamically
mapped to the private addresses specified in the ACLs. Each pool must contain a range with no
gaps. If your global address space has gaps, configure separate pools for each consecutive
range within the address space.
• Associate each range of private addresses (identified by a standard or extended ACL) with a
pool.