Similarly, NAT ID 1 can be used on the DMZ interface, and the global command on the outside interface is also
used for DMZ traffic.
Example 6-15. Configuring the Same NAT ID for Multiple Global Commands
hostname(config)# nat (inside) 1 10.1.1.0 255.255.255.0
hostname(config)# nat (dmz) 1 10.2.2.0 255.255.255.0
hostname(config)# global (outside) 1 209.165.201.1-209.165.201.253
hostname(config)# global (outside) 1 209.165.201.254
hostname(config)# global (dmz) 1 10.2.2.254
Static NAT
Static NAT creates a fixed translation (one-to-one) of real (private) addresses to mapped (public) addresses. A
persistent translation rule exists (mapped address is the same) for each consecutive connection with static NAT.
Because the mapped address is always the same, it allows the destination-side network to initiate traffic to a
translated host. The static command is used to permanently associate a host address (or entire subnet) on a
higher security-level interface with a host address on a lower-security level interface. Static NAT and PAT can be
used for bidirectional communication. Figure 6-13 shows an example.
Figure 6-13. Static NAT
[View full size image]
There are several ways to configure address translation.
Pages:
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302