Using Dynamic NAT and PAT
You can also enter a global command for each interface using the same NAT ID. If you enter a global
command for the Outside and DMZ interfaces on ID 1, then the Inside nat command identifies traffic to
be translated when going to both the Outside and the DMZ interfaces. Similarly, if you also enter a nat
command for the DMZ interface on ID 1, then the global command on the Outside interface is also used
for DMZ traffic. (See Figure 16-16.)
See the following commands for this example:
hostname(config)# nat (inside) 1 10.1.2.0 255.255.255.0
hostname(config)# nat (dmz) 1 10.1.1.0 255.255.255.0
hostname(config)# global (outside) 1 209.165.201.3-209.165.201.10
hostname(config)# global (dmz) 1 10.1.1.23
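When auditing a configuration, the NAT ID matching described above can be checked mechanically: a real address is translated on a given egress interface only if a global command on that interface shares the NAT ID of the nat command that matched it. The following Python script is an added example, not part of the Cisco guide. It handles only the plain address/mask form of nat and global shown here (not policy NAT), and the function names parse, mapped_pools and exposure_report are hypothetical.

```python
import ipaddress
import re

# The four commands from the example above, reproduced verbatim.
CONFIG = """\
hostname(config)# nat (inside) 1 10.1.2.0 255.255.255.0
hostname(config)# nat (dmz) 1 10.1.1.0 255.255.255.0
hostname(config)# global (outside) 1 209.165.201.3-209.165.201.10
hostname(config)# global (dmz) 1 10.1.1.23
"""

NAT_RE = re.compile(r"\bnat \((\w+)\) (\d+) (\S+) (\S+)")
GLOBAL_RE = re.compile(r"\bglobal \((\w+)\) (\d+) (\S+)")


def parse(config):
    """Return (nat_rules, global_pools) extracted from nat/global lines."""
    nats, pools = [], {}
    for line in config.splitlines():
        if m := NAT_RE.search(line):
            iface, nat_id, addr, mask = m.groups()
            nats.append((iface, int(nat_id), ipaddress.ip_network(f"{addr}/{mask}")))
        elif m := GLOBAL_RE.search(line):
            iface, nat_id, pool = m.groups()
            pools.setdefault((iface, int(nat_id)), []).append(pool)
    return nats, pools


def mapped_pools(config, src_iface, real_ip, dst_iface):
    """List (kind, pool) translations for real_ip entering src_iface, leaving dst_iface."""
    nats, pools = parse(config)
    ip = ipaddress.ip_address(real_ip)
    result = []
    for iface, nat_id, net in nats:
        if iface == src_iface and iface != dst_iface and ip in net:
            for pool in pools.get((dst_iface, nat_id), []):
                # A range is a dynamic NAT pool; a single address is PAT.
                result.append(("NAT" if "-" in pool else "PAT", pool))
    return result


def exposure_report(config):
    """Map each (real network, egress interface) pair to the pools that share its NAT ID."""
    nats, pools = parse(config)
    return {(str(net), out_if): p
            for src_if, nat_id, net in nats
            for (out_if, gid), p in pools.items()
            if gid == nat_id and out_if != src_if}
```

Running exposure_report over a full configuration lists every real network that becomes reachable through a mapped pool on another interface, which makes an unintended shared NAT ID easy to spot.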
If you use different NAT IDs, you can identify different sets of real addresses to have different mapped
addresses. For example, on the Inside interface, you can have two nat commands on two different
NAT IDs. On the Outside interface, you configure two global commands for these two IDs. Then, when
traffic from Inside network A exits the Outside interface, the IP addresses are translated to pool A
addresses, while traffic from Inside network B is translated to pool B addresses. (See Figure 16-17.) If
you use policy NAT, you can specify the same real addresses for multiple nat commands, as long as the
destination addresses and ports are unique in each access list.
Figure 16-16 global and nat Commands on Multiple Interfaces
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
Chapter 16 Configuring NAT
OL-20748-01