Cisco Cisco Clean Access 3.5
Cisco Clean Access Server Installation and Administration Guide
OL-7045-01
Chapter 4 Clean Access Server Managed Domain
Configure 1:1 Network Address Translation (NAT)
In 1:1 NATing, there is a one-to-one correspondence between the external and internal addresses
involved in the translation (in contrast to the default NAT behavior, in which many internal addresses
share a single external address).
1:1 NATing conceals your internal network architecture, but does not economize on external IP
addresses, since you must have an external address for every host that needs to communicate externally.
It can be used in conjunction with the default, dynamic NATing, allowing you to make email servers,
web servers or any other services accessible from the Internet.
You can map a range of addresses, or map individual addresses along with port numbers.
For a range, you need to specify the starting point for both the internal and external address ranges and
the length of the range. For example, a configuration of:
• public range begin: 11.1.1.2; port: *
• private range begin: 192.168.151.200; port: *
• range: 4
Results in the following address mappings:
• 192.168.151.200 <-> 11.1.1.2
• 192.168.151.201 <-> 11.1.1.3
• 192.168.151.202 <-> 11.1.1.4
• 192.168.151.203 <-> 11.1.1.5
By default, the port numbers are passed through unchanged (as indicated by the asterisk (*) port value).
By specifying an address range of 1, you can map single addresses. This mapping may include port
mappings. For example, the following assignment maps incoming traffic for 11.1.1.6:8756 to the internal
address 192.168.151.204:80:
• public range begin: 11.1.1.6; port: 8756
• private range begin: 192.168.151.204; port: 80
• range: 1
Caution
Make sure you do not include a particular address in more than one mapping at a time, for example, by
including it in a range and as an individual mapping.
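The range expansion and the overlap check from the Caution above, as an added example (not from the Cisco guide or the product). The tuple layout and the names `expand` and `find_conflicts` are assumptions made for illustration, and addresses are taken to be literal IPv4 values.

```python
import ipaddress
from collections import defaultdict

# Constructed rules using the guide's two examples, as
# (public begin, public port, private begin, private port, range length).
# A port of "*" means the port passes through translation unchanged.
RULES = [
    ("11.1.1.2", "*", "192.168.151.200", "*", 4),
    ("11.1.1.6", "8756", "192.168.151.204", "80", 1),
]

def expand(rule):
    """Return the (private, public) endpoint pairs that one rule produces."""
    pub, pub_port, priv, priv_port, length = rule
    if length < 1:
        raise ValueError("range length must be at least 1")
    pub0 = ipaddress.IPv4Address(pub)    # assumption: literal address, not "*"
    priv0 = ipaddress.IPv4Address(priv)
    # Both sides advance together, one sequential address per step.
    return [(f"{priv0 + i}:{priv_port}", f"{pub0 + i}:{pub_port}")
            for i in range(length)]

def find_conflicts(rules):
    """Return {(side, address): [rule indexes]} for addresses in 2+ rules."""
    seen = defaultdict(list)
    for idx, rule in enumerate(rules):
        for private, public in expand(rule):
            # The Caution is about addresses, so ports are ignored here.
            seen[("private", private.split(":")[0])].append(idx)
            seen[("public", public.split(":")[0])].append(idx)
    return {key: ids for key, ids in seen.items() if len(ids) > 1}

if __name__ == "__main__":
    for rule in RULES:
        for private, public in expand(rule):
            print(f"{private} <-> {public}")
    # Constructed bad rule: 11.1.1.4 is already inside the first range.
    bad = RULES + [("11.1.1.4", "25", "192.168.151.210", "25", 1)]
    for (side, addr), ids in find_conflicts(bad).items():
        print(f"conflict: {side} address {addr} appears in rules {ids}")
```

Running the check over a planned rule set before entering it in the 1:1 NAT form catches an address that sits both in a range and in an individual mapping.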
Configure 1:1 NATing
1. Go to Device Management > CCA Servers > Manage [CAS_IP] > Advanced > 1:1 NAT.
2. Select Enable NAT 1:1 Mapping and click Update.
3. Choose the Protocol for which NATing is performed. Options are TCP, UDP, or both.
4. Type the first address in the public address range in the Public IP Range Begin field. An asterisk in an address or port field results in the value passing translation unchanged.
5. Type the first address in the private address range in the Private IP Range Begin field.
6. Specify the length of the range, that is, the number of sequentially numbered addresses to be translated.