Differentiated Policy-Based NAT Configuration on USG5500 on an Enterprise Network

Publication Date: 2012-07-25
Issue Description
Differentiated NAT for data flows optimizes the allocation of scarce resources across a wide variety of customer demands.
Alarm Information
Handling Process
Configure the USG5500 as follows:
Step 1     Set the IP addresses of the interfaces, define routing policies, and add routes to the routing table.
interface GigabitEthernet0/0/0
ip address
interface GigabitEthernet0/0/1
ip address
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/2
nat-policy interzone trust untrust outbound
policy 1
policy source mask 24
Step 2     Configure the NAT policy.
nat address-group 1
nat address-group 2
nat server 0 global inside no-reverse
nat server 1 global inside no-reverse
Step 3     Apply the NAT policy on the Trust zone.
policy interzone trust untrust outbound
policy 1
action permit
policy destination address-set add1
policy destination address-set add2
nat-policy interzone trust untrust outbound
policy 1
action source-nat
policy destination address-set add1
address-group 1
policy 2
action source-nat
policy destination address-set add2
address-group 2
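
An added example, not part of the original case or of any Huawei tooling: a small Python lint over the nat address-group and nat-policy lines from Steps 2 and 3. It checks that each source-nat policy points at a declared address group and that no destination address-set is claimed by two policies. It assumes policies are evaluated in order with the first match winning; the function names are illustrative.

```python
import re

# NAT lines copied from Steps 2 and 3 as shown on the page (elided addresses stay elided).
CONFIG = """\
nat address-group 1
nat address-group 2
nat-policy interzone trust untrust outbound
policy 1
action source-nat
policy destination address-set add1
address-group 1
policy 2
action source-nat
policy destination address-set add2
address-group 2
"""

def parse_nat_policies(text):
    """Return (declared address-group ids, {policy id: settings})."""
    groups, policies, current, in_nat = set(), {}, None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.fullmatch(r"nat address-group (\d+)(?: .*)?", line):
            groups.add(m.group(1))
        elif re.fullmatch(r"(nat-)?policy interzone .+", line):
            in_nat, current = line.startswith("nat-policy"), None
        elif in_nat and (m := re.fullmatch(r"policy (\d+)", line)):
            current = policies.setdefault(m.group(1), {"action": None, "dest": [], "group": None})
        elif current is None:
            continue  # line is outside a nat-policy rule (e.g. the security policy)
        elif m := re.fullmatch(r"action (\S+)", line):
            current["action"] = m.group(1)
        elif m := re.fullmatch(r"policy destination address-set (\S+)", line):
            current["dest"].append(m.group(1))
        elif m := re.fullmatch(r"address-group (\d+)(?: .*)?", line):
            current["group"] = m.group(1)
    return groups, policies

def audit(text):
    """Report NAT policies that cannot select their intended address group."""
    groups, policies = parse_nat_policies(text)
    findings, first_user = [], {}
    for pid, p in policies.items():
        if p["action"] == "source-nat" and p["group"] not in groups:
            findings.append(f"policy {pid}: address-group {p['group']} is missing or undeclared")
        for dest in p["dest"]:
            if dest in first_user:  # assumption: in-order, first-match evaluation
                findings.append(f"policy {pid}: {dest} already matched by policy {first_user[dest]}")
            first_user.setdefault(dest, pid)
    return findings
```

An empty list from `audit(CONFIG)` means every destination address-set maps to exactly one declared address group, which is the property the differentiated NAT design depends on.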
Root Cause
Networking in lab environment:
Network is the private network, and network represents the public network. The users in the public network use different NAT when accessing the server ( in the private network.