SunScreen 3.1 Configuration Examples

DYNAMIC NAT

The other type of NAT supported by SunScreen is DYNAMIC. For this example the hosts sf-host2, sf-host3, and so forth, need access to the Internet. Their source addresses are translated to a legal address sf-dynamic (192.168.2.103 in this example).

  1. Define an address GROUP object called sf-internal and add all the internal hosts (sf-host1, and so forth) that need to use DYNAMIC NAT to this group.

  2. Define an address HOST object (sf-dynamic in this example) that contains the legal address (192.168.2.103 in this example).


    Note - DYNAMIC NAT can use a range of addresses. In this example, sf-dynamic can be a RANGE or GROUP object.


  3. Add an ARP entry for the legal address sf-dynamic, as described in the preceding STATIC example.

  4. Add a rule to translate sf-internal to sf-dynamic, as shown in the following figure:

    Figure 3-3 DYNAMIC NAT Rule

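The effect of the rule built in steps 1 to 4, modelled in Python as an added example (not SunScreen code or output): members of sf-internal share sf-dynamic for outbound flows, and a packet arriving at sf-dynamic is mapped back only if it matches an existing flow. The internal addresses, the port range, and the assumption that flows are told apart by translated source port are constructed for illustration; this page does not describe how SunScreen implements the translation.

```python
import ipaddress

# Constructed sample objects. The page names sf-internal and sf-dynamic but
# gives only 192.168.2.103; the internal addresses are assumptions.
SF_INTERNAL = ["10.0.1.2", "10.0.1.3"]   # sf-host2, sf-host3 (GROUP)
SF_DYNAMIC = ["192.168.2.103"]           # HOST; a RANGE or GROUP adds entries


class DynamicNat:
    """Many-to-few source NAT with per-flow port allocation (assumed model)."""

    def __init__(self, internal, pool, ports=range(1024, 65536)):
        self.internal = {ipaddress.ip_address(a) for a in internal}
        # Lazily enumerate every (translated address, port) slot in the pool.
        self.free = ((ipaddress.ip_address(p), port)
                     for p in pool for port in ports)
        self.out = {}    # (src, sport, dst, dport) -> (xsrc, xsport)
        self.back = {}   # ((xsrc, xsport), dst, dport) -> (src, sport)

    def outbound(self, src, sport, dst, dport):
        """Translate an outgoing packet; None if unmatched or pool is full."""
        src = ipaddress.ip_address(src)
        if src not in self.internal:
            return None                  # source is not in sf-internal
        key = (src, sport, dst, dport)
        if key not in self.out:
            slot = next(self.free, None)
            if slot is None:
                return None              # no free slot: new flow cannot pass
            self.out[key] = slot
            self.back[(slot, dst, dport)] = (src, sport)
        xip, xport = self.out[key]
        return str(xip), xport

    def inbound(self, src, sport, xdst, xdport):
        """Map a reply to the internal host; None when no flow state exists."""
        slot = (ipaddress.ip_address(xdst), xdport)
        hit = self.back.get((slot, src, sport))
        return (str(hit[0]), hit[1]) if hit else None
```

The exhaustion case is the reason the Note allows sf-dynamic to be a RANGE or GROUP: each extra address adds a full set of slots.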