In this example, NAT rules translate both the source
and destination IP address of packets between the clients and the
server.
- Source NAT—The source addresses in the packets from the clients in
  the Trust-L3 zone to the server in the Untrust-L3 zone are translated
  from the private addresses in the network 192.168.1.0/24 to the IP
  address of the egress interface on the firewall (10.16.1.103).
  Dynamic IP and Port translation causes the port numbers to be
  translated also.
- Destination NAT—The destination addresses in the packets from the
  clients to the server are translated from the server’s public address
  (80.80.80.80) to the server’s private address (10.2.133.15).

The following address objects are created for destination NAT.

- Server-Pre-NAT: 80.80.80.80
- Server-post-NAT: 10.2.133.15

The following screenshots illustrate how to configure the source
and destination NAT policies for the example.
To verify the translations, use the CLI command:

    show session all filter destination 80.80.80.80

The client address 192.168.1.11 and its port number are translated
to 10.16.1.103 and a translated port number. The destination address
80.80.80.80 is translated to 10.2.133.15.
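
The translation described above can be modeled in a few lines of Python. This is an added illustration, not Palo Alto Networks code or firewall output; the names `Flow` and `NatTable`, the starting port 1024 and the client source ports used with it are assumptions. It shows how two clients share the one egress address with different translated ports, and how a server reply is reverse-translated through the session entry.

```python
import ipaddress
from typing import NamedTuple, Optional

# Addresses from the example on this page.
CLIENT_NET = ipaddress.ip_network("192.168.1.0/24")   # Trust-L3 clients
EGRESS_IP = "10.16.1.103"         # egress interface, used for source NAT
SERVER_PRE_NAT = "80.80.80.80"    # Server-Pre-NAT
SERVER_POST_NAT = "10.2.133.15"   # Server-post-NAT


class Flow(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


class NatTable:
    """Toy model of one rule doing Dynamic IP and Port plus destination NAT."""

    def __init__(self, first_port: int = 1024):  # pool start is an assumption
        self.next_port = first_port
        self.sessions = {}   # original client flow -> translated flow
        self.replies = {}    # flow as the server sends it -> flow the client receives

    def outbound(self, pkt: Flow) -> Flow:
        """Translate a client-to-server packet; non-matching packets pass unchanged."""
        if ipaddress.ip_address(pkt.src) not in CLIENT_NET or pkt.dst != SERVER_PRE_NAT:
            return pkt
        if pkt not in self.sessions:
            if self.next_port > 65535:
                raise RuntimeError("translated port pool exhausted")
            out = Flow(EGRESS_IP, self.next_port, SERVER_POST_NAT, pkt.dport)
            self.next_port += 1
            self.sessions[pkt] = out
            # The server answers the translated source; the client must see
            # the reply coming from the public address it originally contacted.
            self.replies[Flow(out.dst, out.dport, out.src, out.sport)] = Flow(
                pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return self.sessions[pkt]

    def inbound(self, pkt: Flow) -> Optional[Flow]:
        """Reverse-translate a server reply; None means no matching session."""
        return self.replies.get(pkt)
```

A reply that matches no session entry returns `None`, which corresponds to a packet arriving at 10.16.1.103 without a client having initiated the flow.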