One-to-One NAT translates valid internal addresses to external addresses. Load Balancing and Static Routes determine which WAN is selected, while the one-to-one NAT rules, if configured, define the source WAN IP of the traffic. One-to-One NAT is also necessary if the Authoritative DNS feature will be used for inbound load-balancing and failover.
To create a One-to-One NAT rule, the following needs to be defined:
LAN IP / IP Range: The internal IP address, IP range, or Alias that is to be translated
WAN IP / IP Range: The external IP address, IP range, or Alias used for translation
Allow Inbound: Inbound traffic is forwarded from the WAN IP to the respective LAN IP. This setting will forward incoming traffic on all ports, while Port Forwarding can be used to create more specific forwarding rules.
The WAN IP address or range specified can be from any one or each of the WAN interfaces on the Ecessa appliance. The specified LAN IP and WAN IP address ranges should be the same size. If the WAN IP Range is smaller than the LAN IP Range, the Ecessa appliance will assign the LAN/WAN mappings sequentially until the WAN IP addresses run out. Any remaining LAN IP addresses will not be assigned a unique WAN IP address. If the WAN gateway address is included in the range, it and the associated LAN IP address will be skipped.
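The sequential assignment described above can be checked before a rule is entered. The following is an added example, not Ecessa code: it models the behavior as stated, assuming the pairing is positional, and the function names, the sample ranges and the gateway address are constructed for illustration.

```python
import ipaddress

def expand(first, last):
    """Every address from first to last, inclusive."""
    lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
    if hi < lo:
        raise ValueError("range end precedes range start")
    return [ipaddress.ip_address(n) for n in range(lo, hi + 1)]

def plan_one_to_one(lan_range, wan_range, wan_gateway=None, allow_inbound=False):
    """Model the sequential LAN/WAN pairing described above.

    Assumption: pairing is positional, so the LAN address lined up with
    the WAN gateway is the one that gets skipped.
    """
    lan, wan = expand(*lan_range), expand(*wan_range)
    gateway = ipaddress.ip_address(wan_gateway) if wan_gateway else None
    mapped, skipped, unmapped = {}, [], []
    for i, lan_ip in enumerate(lan):
        if i >= len(wan):
            unmapped.append(str(lan_ip))      # WAN addresses ran out
        elif wan[i] == gateway:
            skipped.append(str(lan_ip))       # paired with the gateway
        else:
            mapped[str(lan_ip)] = str(wan[i])
    return {
        "mapped": mapped,
        "skipped_gateway": skipped,
        "unmapped": unmapped,
        # Allow Inbound forwards every port to each mapped LAN host.
        "inbound_all_ports": sorted(mapped, key=ipaddress.ip_address) if allow_inbound else [],
    }

if __name__ == "__main__":
    # Constructed sample: 5 LAN addresses, 4 WAN addresses, gateway inside the WAN range.
    plan = plan_one_to_one(
        ("192.168.1.58", "192.168.1.62"),
        ("172.20.1.58", "172.20.1.61"),
        wan_gateway="172.20.1.59",
        allow_inbound=True,
    )
    for key, value in plan.items():
        print(key, value)
```

Hosts listed under `inbound_all_ports` are the ones to review against Port Forwarding rules when only specific services should be reachable.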
NAT Mode Example
IP Mappings:
NOTES | FIREWALL INTERNAL ADDRESS | FIREWALL EXTERNAL ADDRESS | WAN1 | WAN2 |
www.test.com | 192.168.100.10 | 192.168.1.61 | 172.20.1.61 | 10.50.0.21 |
ftp.test.com | 192.168.100.10 | 192.168.1.61 | 172.20.1.61 | 10.50.0.21 |
smtp.test.com | 192.168.100.20 | 192.168.1.62 | 172.20.1.62 | 10.50.0.22 |
MX RR | 192.168.100.20 | 192.168.1.62 | 172.20.1.62 | 10.50.0.22 |
Global NAT | 192.168.0.0/24 | 192.168.1.58 | 172.20.1.58 | 10.50.0.18 |
One-to-One NAT Rules:
LAN IP / IP Range | WAN IP / IP Range | Allow Inbound |
192.168.1.61 | 172.20.1.61 10.50.0.21 | Yes |
192.168.1.62 | 172.20.1.62 10.50.0.22 | Yes |
192.168.1.58 | 172.20.1.58 10.50.0.18 | Yes |
Translucent Mode Example
IP Mappings:
NOTES | FIREWALL INTERNAL ADDRESS | FIREWALL EXTERNAL ADDRESS | WAN2 |
www.test.com | 192.168.100.10 | 172.20.1.61 | 10.50.0.21 |
ftp.test.com | 192.168.100.10 | 172.20.1.61 | 10.50.0.21 |
smtp.test.com | 192.168.100.20 | 172.20.1.62 | 10.50.0.22 |
MX RR | 192.168.100.20 | 172.20.1.62 | 10.50.0.22 |
Global NAT | 192.168.0.0/24 | 172.20.1.58 | 10.50.0.18 |
One-to-One NAT Rules:
LAN IP / IP Range | WAN IP / IP Range | Allow Inbound |
172.20.1.61 | 10.50.0.21 | Yes |
172.20.1.62 | 10.50.0.22 | Yes |
172.20.1.58 | 10.50.0.18 | Yes |