Support User Manuals

Brocade Communications Systems 12.4.00a Home Theater Server User Manual

Open as PDF

of 226

ServerIron ADX Security Guide 99

53-1002440-03

Configuring NAT

4

Configuring an address pool

Use the ip nat pool command to configure the address pool. For an example, refer to “Dynamic NAT

configuration example 1” on page 100.

Syntax: [no] ip nat pool <pool-name> <start-ip> <end-ip> netmask <ip-mask> | prefix-length

<length> | port-pool-range <priority-value>

The <pool-name> parameter specifies the name assigned to the pool. It can be up to 255

characters long and can contain special characters and internal blanks. If you use internal blanks,

you must use quotation marks around the entire name.

The <start-ip> parameter specifies the IP address at the beginning of the pool range. Specify the

lowest-numbered IP address in the range.

The <end-ip> parameter specifies the IP address at the end of the pool range. Specify the

highest-numbered IP address in the range.

NOTE

The address range cannot contain any gaps. Make sure you own all the IP addresses in the range.

If the range contains gaps, you must create separate pools containing only the addresses you own.

The netmask <ip-mask> | prefix-length <length> parameter specifies a classical sub-net mask

(example: netmask 255.255.255.0) or the length of a CIDR prefix (example: prefix-length 24). The

ServerIron ADX supports up to 255 global IP addresses.

The port-pool-range <priority-value> parameter enables dynamic NAT redundancy, where the

<priority-value> can be 1 or 2. A range value of 2 indicates higher priority for the NAT IP. A 2 value

also means the source ports allocated for the NAT IP are from the higher range.

Associating a range of private addresses with a pool and enabling PAT

Use ip nat inside source list to associate a private address range with a pool of Internet addresses

and enable PAT. For an example, refer to “Dynamic NAT configuration example 1” on page 100.

Syntax: [no] ip nat inside source list <acl-id> pool <pool-name>

The inside source keyword specifies that the translation applies to private addresses sending

traffic to the Internet (inside source).

The list <acl-id> parameter specifies a standard or extended ACL. Named ACLS are not supported

with NAT. You must use a numbered ACL.

The pool <pool-name> parameter specifies the pool name. You must create the pool before you

can use it with this command.

NAT configuration examples

The following sections provide both Dynamic and Static NAT configuration examples.

NOTE

A ServerIron ADX can have a maximum of 255 global IP addresses, in a single pool or multiple pools.

previous next