スタティック NAT/PAT
| 8.3以前のNAT | 8.3NAT |
|---|
| 標準スタティック NAT static (inside,outside) 192.168.100.100 10.1.1.6 netmask 255.255.255.255 | object network obj-10.1.1.6
host 10.1.1.6
nat (inside,outside) static 192.168.100.100
|
| 標準スタティック PAT static (inside,outside) tcp 192.168.100.100 80 10.1.1.16 8080 netmask 255.255.255.255 | object network obj-10.1.1.16
host 10.1.1.16
nat (inside,outside) static 192.168.100.100 service tcp 8080 www |
| スタティック ポリシー NAT access-list NET1 permit ip host 10.1.2.27 10.76.5.0 255.255.255.224 static (inside,outside) 192.168.100.100 access-list NET1 | object network obj-10.1.2.27 host 10.1.2.27
object network obj-192.168.100.100
host 192.168.100.100
object network obj-10.76.5.0
subnet 10.76.5.0 255.255.255.224
nat (inside,outside) source static obj-10.1.2.27 obj-192.168.100.100
destination static obj-10.76.5.0 obj-10.76.5.0 |
| 8.3以前のNAT | 8.3NAT |
|---|
標準ダイナミック PAT nat (inside) 1 192.168.1.0 255.255.255.0
nat (dmz) 1 10.1.1.0 255.255.255.0
global (outside) 1
192.168.100.100 | object network obj-192.168.1.0
subnet 192.168.1.0 255.255.255.0
nat (inside,outside) dynamic 192.168.100.100
object network obj-10.1.1.0
subnet 10.1.1.0 255.255.255.0
nat (dmz,outside) dynamic 192.168.100.100 |
標準ダイナミック PAT nat (inside) 1 10.1.2.0 255.255.255.0
global (outside) 1 192.168.100.100
global (dmz) 1 192.168.1.1
| object network obj-10.1.2.0
subnet 10.1.2.0 255.255.255.0
nat (inside,outside) dynamic 192.168.100.100
object network obj-10.1.2.0-01
subnet 10.1.2.0 255.255.255.0
nat (inside,dmz) dynamic 192.168.1.1 |
標準ダイナミック PAT-3 nat (inside) 1 0 0
global (outside) 1 interface | object network obj_any
subnet 0.0.0.0 0.0.0.0
nat (inside,outside) dynamic interface |
ダイナミック ポリシー NAT object-group network og-net-src
network-object 192.168.1.0 255.255.255.0
network-object 192.168.2.0 255.255.255.0
object-group network og-net-dst
network-object 192.168.200.0 255.255.255.0
object-group service og-ser-src
service-object tcp gt 2000
service-object tcp eq 1500
access-list NET6 extended permit object-group og-ser-src
object-group og-net-src object-group og-net-dst
nat (inside) 10 access-list NET6
global (outside) 10 192.168.100.100 | object network obj-192.168.100.100
host 192.168.100.100
object service obj-tcp-range-2001-65535
service tcp destination range 2001 65535
object service obj-tcp-eq-1500
service tcp destination eq 1500
nat (inside,outside) source dynamic og-net-src
obj-192.168.100.100 destination
static og-net-dst og-net-dst
service obj-tcp-range-2001-65535
obj-tcp-range-2001-65535
nat (inside,outside) source dynamic og-net-src
obj-192.168.100.100 destination
static og-net-dst og-net-dst
service obj-tcp-eq-1500 obj-tcp-eq-1500 |
ポリシー ダイナミック NAT(複数の ACE を使用) access-list ACL_NAT permit ip 172.29.0.0 255.255.0.0
192.168.1.0 255.255.255.0
access-list ACL_NAT permit ip 172.29.0.0 255.255.0.0
192.168.2.0 255.255.255.0
access-list ACL_NAT permit ip 172.29.0.0 255.255.0.0
192.168.3.0 255.255.255.0
access-list ACL_NAT permit ip 172.29.0.0 255.255.0.0
192.168.4.0 255.255.255.0
nat (inside) 1 access-list ACL_NAT
global (outside) 1 192.168.100.100 | object network obj-172.29.0.0
subnet 172.29.0.0 255.255.0.0
object network obj-192.168.100.100
host 192.168.100.100
object network obj-192.168.1.0
subnet 192.168.1.0 255.255.255.0
object network obj-192.168.2.0
subnet 192.168.2.0 255.255.255.0
object network obj-192.168.3.0
subnet 192.168.3.0 255.255.255.0
object network obj-192.168.4.0
subnet 192.168.4.0 255.255.255.0
nat (inside,outside) source dynamic obj-172.29.0.0 obj-192.168.100.100
destination static obj-192.168.1.0 obj-192.168.1.0
nat (inside,outside) source dynamic obj-172.29.0.0 obj-192.168.100.100
destination static obj-192.168.2.0 obj-192.168.2.0
nat (inside,outside) source dynamic obj-172.29.0.0 obj-192.168.100.100
destination static obj-192.168.3.0 obj-192.168.3.0
nat (inside,outside) source dynamic obj-172.29.0.0 obj-192.168.100.100
destination static obj-192.168.4.0 obj-192.168.4.0
|
外部 NAT global (inside) 1 10.1.2.30-1-10.1.2.40
nat (dmz) 1 10.1.1.0 255.255.255.0 outside
static (inside,dmz) 10.1.1.5 10.1.2.27 netmask 255.255.255.255 | object network obj-10.1.2.27
host 10.1.2.27
nat (inside,dmz) static 10.1.1.5
object network obj-10.1.1.0
subnet 10.1.1.0 255.255.255.0
nat (dmz,inside) dynamic obj-10.1.2.30-10.1.2.40
object network obj-10.1.2.30-10.1.2.40
range 10.1.2.30 10.1.2.40 |
NAT およびインターフェイス PAT nat (inside) 1 10.1.2.0 255.255.255.0
global (outside) 1 interface
global (outside) 1 192.168.100.100-192.168.100.200 | object network obj-192.168.100.100_192.168.100.200
range 192.168.100.100 192.168.100.200
object network obj-10.1.2.0
subnet 10.1.2.0 255.255.255.0
nat (inside,outside) dynamic
obj-192.168.100.100_192.168.100.200 interface |
NAT、インターフェイス PAT、追加 PAT nat (inside) 1 10.0.0.0 255.0.0.0 global (outside) 1 192.168.100.1-192.168.100.200 global (outside) 1 interface global (outside) 1 192.168.100.210 | object network obj-192.168.100.100_192.168.100.200
range 192.168.100.100 192.168.100.200
object network obj-10.0.0.0
subnet 10.0.0.0 255.0.0.0
object network second-pat
host 192.168.100.210
object-group network dynamic-nat-pat
network-object object obj-192.168.100.100_192.168.100.200
network-object object second-pat
nat (inside,outside) dynamic dynamic-nat-pat interface |
----------------------------------------------------------------------------------
DOC-9129
