User's Manual
JadeOS User Manual
before packets are forwarded to another network.
As part of this capability, NAT can be configured to advertise only one address for the
entire network to the outside world. This provides additional security by effectively
hiding the entire internal network behind that address. NAT offers the dual functions
of security and address conservation and is typically implemented in remote-access
environments.
Basically, NAT allows a single device, such as a router, to act as an agent between the
Internet (or public network) and a local network (or private network), which means
that only a single unique IP address is required to represent an entire group of
computers to anything outside their network.
7.3.1 Configuring SNAT
Figure 7-1 source address transfer
To create a NAT pool, use the following command in config mode:
ip nat pool <pool-name> <start-ip> <end-ip> <dest-ip>
To create an SNAT rule in a session ACL, use the following command:
network <subnet> <mask> any any src-nat pool <pool-name>
Using Figure 7-1 as an example, Step 1 and Step 2 show how to specify the user policy
in VLAN 100, so that traffic from users on the 200.0.0.0/24 subnet is SNATed when
they access the public Internet server 155.0.0.150.
Step 1 Create the NAT address pool
(JadeOS)(config)# ip nat pool nat_pool 150.0.0.1 150.0.0.1 160.0.0.1
Step 2 Configure the session ACL and add an SNAT rule specifying which traffic is to be
translated and which NAT pool to use
(JadeOS)(config)# ip access-list session tacl
(JadeOS)(config-sess-tacl)# network 200.0.0.0 255.255.255.0 any any src-nat pool nat_pool
Step 3 and Step 4 show how to apply the ACL to VLAN 100; refer to chapter 9.4
for more information.
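
The following Python sketch is an added example, not part of the JadeOS manual or product. It parses the two command forms shown in Steps 1 and 2, reports SNAT rules that name an undefined pool, and shows which pool range a given source address would be rewritten into. The sample configuration (including the missing_pool rule), the function names, first-match rule ordering, and matching on the source subnet only are assumptions; the <dest-ip> field is parsed but not interpreted.

```python
import ipaddress

# Constructed sample: the commands from Steps 1 and 2, plus one constructed
# rule that names a pool that was never defined, to exercise the check.
SAMPLE_CONFIG = """\
ip nat pool nat_pool 150.0.0.1 150.0.0.1 160.0.0.1
ip access-list session tacl
 network 200.0.0.0 255.255.255.0 any any src-nat pool nat_pool
 network 10.1.0.0 255.255.0.0 any any src-nat pool missing_pool
"""

def parse_config(text):
    """Parse the two command forms shown in this section into (pools, rules)."""
    pools, rules, acl = {}, [], None
    for line in text.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "nat", "pool"] and len(tok) == 7:
            # <pool-name> <start-ip> <end-ip> <dest-ip>; dest-ip is not interpreted
            pools[tok[3]] = tuple(ipaddress.IPv4Address(a) for a in tok[4:6])
        elif tok[:3] == ["ip", "access-list", "session"] and len(tok) == 4:
            acl = tok[3]
        elif tok[:1] == ["network"] and tok[5:7] == ["src-nat", "pool"] and len(tok) == 8:
            net = ipaddress.IPv4Network(f"{tok[1]}/{tok[2]}")  # subnet + dotted mask
            rules.append({"acl": acl, "net": net, "pool": tok[7]})
    return pools, rules

def audit(pools, rules):
    """Report inverted pool ranges and SNAT rules that name an undefined pool."""
    findings = []
    for name, (start, end) in pools.items():
        if start > end:
            findings.append(f"pool {name}: start {start} is above end {end}")
    for r in rules:
        if r["pool"] not in pools:
            findings.append(f"acl {r['acl']}: {r['net']} uses undefined pool {r['pool']}")
    return findings

def translated_source(src_ip, pools, rules):
    """Return the (start, end) pool range a source is rewritten into, or None."""
    addr = ipaddress.IPv4Address(src_ip)
    for r in rules:  # assumption: rules are evaluated in order, first match wins
        if addr in r["net"] and r["pool"] in pools:
            return pools[r["pool"]]
    return None

if __name__ == "__main__":
    pools, rules = parse_config(SAMPLE_CONFIG)
    print(audit(pools, rules))
    print(translated_source("200.0.0.25", pools, rules))
```

Running such a check over an exported configuration before applying the ACL to a VLAN catches rules that would leave internal source addresses untranslated because the pool they reference does not exist.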