Watchguard Firebox X1000 Betriebsanweisung PDF herunterladen (Seite 105)

Using 1-to-1 NAT

User Guide 89

9 Click OK to close the Add Address dialog box. Click OK to close the

services’s Properties dialog box.

Using 1-to-1 NAT

1-to-1 NAT uses a global NAT policy that rewrites and redirects packets

sent to one range of addresses to a completely different range of

addresses. This address conversion works in both directions. You can

configure any number of 1-to-1 NAT addresses.

A common reason to use 1-to-1 NAT is to map public IP addresses to

internal servers without needing to renumber those servers. 1-to-1 NAT is

also used for VPNs in which the remote network’s IP addressing scheme

conflicts with the local scheme. By translating the local network to a range

that is not in conflict with the other end, both sides can communicate. For

more information on 1-to-1 NAT, see the following FAQ:

https://support.watchguard.com/advancedfaqs/nat_onetoone.asp

Each NAT policy contains four configurable pieces of information:

• The interface (External, Trusted, Optional, IPSec)

• The public IP address

• The internal IP address

• The number of hosts to remap

The NAT base plus the range defines the NAT region while the real base

plus the range defines the hidden or forwarded region.

For instance, the following policy:

210.199.6.0–192.168.69.0:255 (NAT base to real base range)

means that all traffic addressed to hosts between 210.199.6.0 and

210.199.6.255 is forwarded to the corresponding IP address between

192.168.69.0 and 192.168.69.255.

A one-to-one mapping exists between each NAT address and the

forwarded (real) IP address: 210.199.6.0 becomes 192.168.69.0.

From Policy Manager:

1 Select Setup => NAT.

The NAT Setup dialog box appears.

1 2 ... 100 101 102 103 104 105 106 107 108 109 110 ... 270 271

Keine Kommentare

Watchguard Firebox X1000 Betriebsanweisung Seite 105