- CheckMates
- :
- Products
- :
- General Topics
- :
- Detination NAT rules
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Detination NAT rules
Couple of question about destination NAT. Is destination also have hide nat as we can do many source hide behind with one host or dynamic natted to few hosts (pool).
Is the following example will work?
Example #1:
O-Src: 10.0.0.0/8
O-Dst: 10.0.1.0/24
T-Src: 10.0.2.1/32
T-Dst: 192.168.1.0/24
Example #2:
O-Src: 10.0.0.0/8
O-Dst: 10.0.1.1-254 (range)
T-Src: 10.0.2.1/32
T-Dst: 192.168.1-254 (range)
Example #3:
O-Src: 10.0.0.0/8
O-Dst: 10.0.1.0/24
T-Src: 10.0.2.1/32
T-Dst: 192.168.1.1 (hide)
Example #4:
O-Src: 10.0.0.0/8
O-Dst: 10.0.1.0/24
T-Src: 10.0.2.1/32
T-Dst: 192.168.1.1-4 (pool)
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can do many to fewer NAT on a source address.
For a destination, you can only do 1-1 NAT.
Which suggests example 1 and 2 will work, 3 and 4 will not.
You can try to configure this, but you’ll very likely receive an error when you push policy.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can do many to fewer NAT on a source address.
For a destination, you can only do 1-1 NAT.
Which suggests example 1 and 2 will work, 3 and 4 will not.
You can try to configure this, but you’ll very likely receive an error when you push policy.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Great, thanks for testing.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No worries at all, if you have any other rules you want me to try, happy to do it.