Source and Destination NAT Example
Focus
Focus

Source and Destination NAT Example

Table of Contents
End-of-Life (EoL)

Source and Destination NAT Example

In this example, NAT rules translate both the source and destination IP address of packets between the clients and the server.
  • Source NAT—The source addresses in the packets from the clients in the Trust-L3 zone to the server in the Untrust-L3 zone are translated from the private addresses in the network 192.168.1.0/24 to the IP address of the egress interface on the firewall (10.16.1.103). Dynamic IP and Port translation causes the port numbers to be translated also.
  • Destination NAT—The destination addresses in the packets from the clients to the server are translated from the server’s public address (80.80.80.80) to the server’s private address (10.2.133.15).
The following address objects are created for destination NAT.
  • Server-Pre-NAT: 80.80.80.80
  • Server-post-NAT: 10.2.133.15
The following screen shots illustrate how to configure the source and destination NAT policies for the example.
To verify the translations, use the CLI command show session all filter destination 80.80.80.80. A client address 192.168.1.11 and its port number are translated to 10.16.1.103 and a port number. The destination address 80.80.80.80 is translated to 10.2.133.15.