Use static NAT rules to make one-to-one translations between either a single pair or multiple pairs of addresses. Most commonly, static NAT rules are used to translate an advertised address for a public server to a different address.
A static NAT rule translates either the source or destination addresses in a packet. In most cases, this means that you will need to define two NAT rules to:

- Translate the source address when the packet is flowing in one direction.
- Translate the destination address when packets are flowing in the other direction.

As an example of static NAT rules in one-to-one translation, assume that your public web server has an address of 10.0.0.1 (defined by the address object "private_www") and you want to allow access to this web server through the public address 199.190.177.1 (defined by the address object "public_www"). Assume also that the address object "Internet" represents Internet addresses. This requires two static NAT rules, as shown in the table below.
The first rule specifies that the destination address public_www (199.190.177.1) is translated to the destination address private_www (10.0.0.1). This NAT rule handles packets flowing to the web server.
The second rule specifies that the source address private_www (10.0.0.1) is translated to the source address public_www (199.190.177.1). This NAT rule handles packets flowing from the web server.
Table 7-1 Static NAT Rules

| Type of NAT Rule | Source | Destination | Translated Source | Translated Destination | Comment |
|---|---|---|---|---|---|
| STATIC | "Internet" | "public_www" | "Internet" | "private_www" | Packets to server |
| STATIC | "private_www" | "Internet" | "public_www" | "Internet" | Packets from server |
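
The two rules in Table 7-1 can be modelled to confirm that each direction is translated and that no rule is missing its reverse. This is an added example, not product code or configuration syntax: modelling "Internet" as 0.0.0.0/0, first-match rule ordering, the peer address 203.0.113.7, and the function names `translate` and `missing_reverse` are all assumptions made for illustration.

```python
import ipaddress

# Address objects from the page; modelling "Internet" as 0.0.0.0/0 is an assumption.
OBJECTS = {
    "Internet": ipaddress.ip_network("0.0.0.0/0"),
    "private_www": ipaddress.ip_network("10.0.0.1/32"),
    "public_www": ipaddress.ip_network("199.190.177.1/32"),
}

# Table 7-1 as (source, destination, translated source, translated destination).
RULES = [
    ("Internet", "public_www", "Internet", "private_www"),  # packets to server
    ("private_www", "Internet", "public_www", "Internet"),  # packets from server
]

def translate(src, dst, rules=RULES):
    """Apply the first matching static rule; return (src, dst) after NAT."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r_src, r_dst, t_src, t_dst in rules:
        if s in OBJECTS[r_src] and d in OBJECTS[r_dst]:
            # A field is rewritten only where the translated object differs.
            if t_src != r_src:
                s = OBJECTS[t_src].network_address
            if t_dst != r_dst:
                d = OBJECTS[t_dst].network_address
            break
    return str(s), str(d)

def missing_reverse(rules=RULES):
    """Return the rules whose opposite-direction counterpart is absent."""
    present = set(rules)
    # The mirror of (S, D, TS, TD) is (TD, TS, D, S): same pair, other direction.
    return [r for r in rules if (r[3], r[2], r[1], r[0]) not in present]

if __name__ == "__main__":
    peer = "203.0.113.7"  # constructed Internet client address
    print("to server:  ", translate(peer, "199.190.177.1"))
    print("from server:", translate("10.0.0.1", peer))
    print("unpaired rules:", missing_reverse())
    # With only the first rule defined, replies leave with the private source.
    print("rule 1 only:", translate("10.0.0.1", peer, RULES[:1]),
          "unpaired:", missing_reverse(RULES[:1]))
```

With only the first rule present, the reply packet keeps 10.0.0.1 as its source, which exposes the internal address and breaks the client's connection; `missing_reverse` flags that case before deployment.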