Source and Destination NAT Example

In this example, NAT rules translate both the source and destination IP address of packets between the clients and the server.
  • Source NAT—The source addresses in the packets from the clients in the Trust-L3 zone to the server in the Untrust-L3 zone are translated from the private addresses in the network 192.168.1.0/24 to the IP address of the egress interface on the firewall (10.16.1.103). Dynamic IP and Port translation causes the port numbers to be translated also.
  • Destination NAT—The destination addresses in the packets from the clients to the server are translated from the server’s public address (80.80.80.80) to the server’s private address (10.2.133.15).
    [Figure: source and destination NAT example]
The following address objects are created for destination NAT.
  • Server-Pre-NAT: 80.80.80.80
  • Server-post-NAT: 10.2.133.15
The following screen shots illustrate how to configure the source and destination NAT policies for the example.
    [Screenshot: NAT policy rule, original packet settings]
    [Screenshot: NAT policy rule, translated packet settings]
To verify the translations, use the CLI command:
    show session all filter destination 80.80.80.80
A client address 192.168.1.11 and its port number are translated to 10.16.1.103 and a port number. The destination address 80.80.80.80 is translated to 10.2.133.15.
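The following sketch models the two translations on this page and how a reply from the server is mapped back to the client. It is an added illustration, not PAN-OS code or output, and it does not model zones; the client port 51000, service port 80 and the port pool starting at 1024 are assumed values.

```python
import ipaddress
from dataclasses import dataclass

# Addresses from the example on this page
TRUST_NET = ipaddress.ip_network("192.168.1.0/24")
EGRESS_IP = "10.16.1.103"        # firewall egress interface (DIPP source NAT)
SERVER_PRE_NAT = "80.80.80.80"   # Server-Pre-NAT address object
SERVER_POST_NAT = "10.2.133.15"  # Server-post-NAT address object

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatTable:
    """Toy model of one rule doing DIPP source NAT plus destination NAT."""
    def __init__(self, first_port=1024):  # assumed pool start, not a PAN-OS value
        self._next_port = first_port
        self._fwd = {}  # (client ip, client port, service port) -> translated port
        self._rev = {}  # translated port -> (client ip, client port, service port)

    def outbound(self, pkt):
        """Client to server: the match uses the pre-NAT addresses."""
        if ipaddress.ip_address(pkt.src) not in TRUST_NET or pkt.dst != SERVER_PRE_NAT:
            return pkt  # no match, left untranslated
        key = (pkt.src, pkt.sport, pkt.dport)
        if key not in self._fwd:
            self._fwd[key] = self._next_port
            self._rev[self._next_port] = key
            self._next_port += 1
        return Packet(EGRESS_IP, self._fwd[key], SERVER_POST_NAT, pkt.dport)

    def inbound(self, pkt):
        """Server reply: both translations are reversed from session state."""
        key = self._rev.get(pkt.dport)
        if key is None or pkt.src != SERVER_POST_NAT or pkt.dst != EGRESS_IP:
            return None  # no matching session, nothing to reverse
        client_ip, client_port, service_port = key
        if pkt.sport != service_port:
            return None
        return Packet(SERVER_PRE_NAT, pkt.sport, client_ip, client_port)

def demo():
    nat = NatTable()
    out = nat.outbound(Packet("192.168.1.11", 51000, SERVER_PRE_NAT, 80))  # constructed
    reply = nat.inbound(Packet(out.dst, out.dport, out.src, out.sport))
    return out, reply
```

Calling demo() returns the translated outbound packet and the restored reply; a packet that arrives at 10.16.1.103 with no matching session entry is not translated.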
