Filter
Top Products
20 Release Note
Software Release 2.3.1
C613-10325-00 REV B
Figure 5: Using enhanced NAT in an IPsec tunnel with different IPsec and default gateways.
Standard NAT
To translate the source address of traffic received on the private interface eth0
and destined for addresses in the range 210.25.4.1-210.25.4.99 to the global
subnet 210.25.4.0, use the command:
ADD FIREWALL POLICY=zone1 RULE=10 ACTION=NAT NATTYPE=STANDARD
INT=eth0 PROTOCOL=all GBLIP=210.25.4.0
NATMASK=255.255.255.0 REMOTEIP=210.25.4.1-210.25.4.99
To provide a corresponding rule on the public interface eth1 to translate to the
private subnet 10.1.2.0, use the command:
ADD FIREWALL POLICY=zone1 RULE=11 ACTION=NAT NATTYPE=STANDARD
INT=eth1 PROTOCOL=all GBLIP=210.25.4.0 IP=10.1.2.0
NATMASK=255.255.255.0 REMOTEIP=210.25.4.1-210.25.4.99
Double NAT
To translate both the source and destination addresses of traffic received on the
private interface with a source address of 192.168.0.74 to a destination address
of 210.25.7.1 and new source address of 210.25.4.1, use the command:
ADD FIREWALL POLICY=zone1 RULE=50 ACTION=NAT NATTYPE=DOUBLE
INT=eth1 PROTOCOL=all IP=192.168.0.74 GBLIP=210.25.4.1
GBLREMOTEIP=210.25.7.1
LAN 2
192.168.1.1 - 192.168.1.100
A
L
L
F
I
R
E
W
NAT
Private interface:
192.168.2.100
LAN 1
192.168.2.0 subnet
Internet
Default
gateway
IPsec
gateway
IPsec tunnel
192.168.1.53
Apparent source host
FW-FG1