Differentiated Policy-Based NAT Configuration on USG5500 on an Enterprise Network

Publication Date: 2012-07-25
Issue Description
Differentiated NAT for data flows optimizes the allocation of scarce resources across a wide variety of customer demands.
Alarm Information
None.
Handling Process
Configure the USG5500 as follows:
Step 1  Set the IP addresses of the interfaces, define routing policies, and add routes to the routing table.
interface GigabitEthernet0/0/0
ip address 10.1.1.1 255.255.255.0
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/2
nat-policy interzone trust untrust outbound
policy 1
policy source 10.1.1.0 mask 24
Step 2  Configure the NAT policy.
nat address-group 1 202.168.10.10 202.168.10.10
nat address-group 2 202.168.10.20 202.168.10.20
nat server 0 global 202.168.10.10 inside 192.168.1.2 no-reverse
nat server 1 global 202.168.10.20 inside 192.168.1.2 no-reverse
Step 3  Apply the NAT policy on the Trust zone.
policy interzone trust untrust outbound
policy 1
action permit
policy destination address-set add1
policy destination address-set add2
#
nat-policy interzone trust untrust outbound
policy 1
action source-nat
policy destination address-set add1
address-group 1
policy 2
action source-nat
policy destination address-set add2
address-group 2
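
The destination-based pool selection configured in Steps 2 and 3, modelled in Python as an added example (not Huawei code and not part of the original case). The members of add1 and add2 are constructed because the page does not show them, first-match policy ordering is an assumption, and parse and select_pool are hypothetical helper names.

```python
import ipaddress
import re

# NAT policy lines copied from Steps 2 and 3 of this page.
CONFIG = """\
nat address-group 1 202.168.10.10 202.168.10.10
nat address-group 2 202.168.10.20 202.168.10.20
nat-policy interzone trust untrust outbound
policy 1
action source-nat
policy destination address-set add1
address-group 1
policy 2
action source-nat
policy destination address-set add2
address-group 2
"""

# Constructed members: the page never shows what add1 and add2 contain.
ADDRESS_SETS = {
    "add1": [ipaddress.ip_network("198.51.100.0/24")],
    "add2": [ipaddress.ip_network("203.0.113.0/24")],
}


def parse(config):
    """Return (pools, rules): pools maps group id -> (first, last) address;
    rules is the ordered list of per-policy dicts with id, dst and pool."""
    pools, rules, cur = {}, [], {}
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"nat address-group (\d+) (\S+) (\S+)", line):
            pools[m[1]] = (m[2], m[3])
        elif m := re.fullmatch(r"policy (\d+)", line):
            rules.append(cur := {"id": m[1]})
        elif m := re.fullmatch(r"policy destination address-set (\S+)", line):
            cur["dst"] = m[1]
        elif m := re.fullmatch(r"address-group (\d+)", line):
            cur["pool"] = m[1]
    return pools, rules


def select_pool(dst_ip, pools, rules, sets=ADDRESS_SETS):
    """Return (policy id, pool) for a trust->untrust flow to dst_ip, or None.
    Assumes policies are tried in listed order and the first match wins."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if any(ip in net for net in sets.get(rule.get("dst"), [])):
            return rule["id"], pools[rule["pool"]]
    return None
```

A destination outside both address sets returns None, meaning no source-NAT policy in this stanza applies to that flow.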
Root Cause
Networking in the lab environment:
Network 10.1.1.0 is the private network, and network 192.168.1.0 represents the public network. Users in the public network use different NAT policies when accessing the server (10.1.1.1) in the private network.
Suggestions
None
