Follow

Overview and Examples

One-to-One NAT provides IP address translation between valid internal addresses to external addresses. Load Balancing and Static Routes are the basis for which a WAN is selected, while the source WAN IP of the traffic is defined by the one-to-one NAT rules, if configured. One-to-One NAT is also necessary if the Authoritative DNS feature will be used for inbound load-balancing and failover.

To create a One-to-One NAT rule, the following needs to be defined:

LAN IP / IP Range: The internal IP address, IP range, or Alias that is to be translated

WAN IP / IP Range: The external IP address, IP range, or Alias used for translation

Allow Inbound: Inbound traffic is forwarded from the WAN IP to the respective LAN IP. This setting will forward incoming traffic on all ports, while Port Forwarding can be used to create more specific forwarding rules.

The WAN IP address or range specified can be from any one or each of the WAN interfaces on the Ecessa appliance. The specified LAN IP and WAN IP address ranges should be the same size. If the WAN IP Range is less than the LAN IP Range, the Ecessa appliance will assign the LAN/WAN mappings sequentially until the WAN IP addresses run out. Any remaining LAN IP addresses will not be assigned a unique WAN IP address. If the WAN gateway addresses is included in the range, it and the associated LAN IP address will be skipped.

 

NAT Mode Example

NAT_mode_O2ONAT_networkdiagram1.png

IP Mappings:

NOTES FIREWALL INTERNAL ADDRESS FIREWALL EXTERNAL ADDRESS WAN1 WAN2
www.test.com 192.168.100.10 192.168.1.61 172.20.1.61 10.50.0.21
ftp.test.com 192.168.100.10 192.168.1.61 172.20.1.61 10.50.0.21
smtp.test.com 192.168.100.20 192.168.1.62 172.20.1.62 10.50.0.22
MX RR 192.168.100.20 192.168.1.62 172.20.1.62 10.50.0.22
Global NAT 192.168.0.0/24 192.168.1.58 172.20.1.58 10.50.0.18

 

One –to-One NAT Rules:

LAN IP / IP Range WAN IP / IP Range Allow Inbound
192.168.1.61

172.20.1.61

10.50.0.21

Yes
192.168.1.62

172.20.1.62

10.50.0.22

Yes
192.168.1.58

172.20.1.58

10.50.0.18

Yes

 

Translucent Mode Example

Translucent-Mode_O2ONAT_networkdiagram1.png

IP Mappings:

NOTES FIREWALL INTERNAL ADDRESS FIREWALL EXTERNAL ADDRESS WAN2
www.test.com 192.168.100.10 172.20.1.61 10.50.0.21
ftp.test.com 192.168.100.10 172.20.1.61 10.50.0.21
smtp.test.com 192.168.100.20 172.20.1.62 10.50.0.22
MX RR 192.168.100.20 172.20.1.62 10.50.0.22
Global NAT 192.168.0.0/24 172.20.1.58 10.50.0.18

 

One-to-One NAT Rules:

LAN IP / IP Range WAN IP / IP Range Allow Inbound
172.20.1.61 10.50.0.21 Yes
172.20.1.62 10.50.0.22 Yes
172.20.1.58 10.50.0.18 Yes

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.