Define multiple static PAT statements for each server that uses the same mapped (public) IP address
with ports mapped to different real IP addresses:
real_ip_A / public_ip_A / TFTP
real_ip_B / public_ip_A / HTTP
real_ip_C / public_ip_A / SMTP
Figure 6-14 shows how to configure static PAT statements for multiple services mapped to the same public IP
address.
Figure 6-14. Static PAT
[View full size image]
Bypassing NAT When NAT Control Is Enabled
As discussed earlier, when NAT control is enabled, each connection initiated requires a corresponding NAT rule.
One of the following three methods can be used to bypass address translation for specific hosts or networks
when NAT control is enabled:
Identity NAT
Static Identity NAT
NAT Exemption
Identity NAT (nat 0 Command)
Identity NAT is similar to Dynamic NAT, but it translates the real IP address to the same mapped IP address so
that no need exists for a mapped global pool. Only "translated" hosts can create NAT translations, and return
traffic is allowed back. Identity NAT can be used only for unidirectional communication. Even though the
mapped address is the same as the real address, a connection cannot be initiated from the Outside to the
Inside.
Pages:
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304