Web example: Configuring NAT Server for external-to-internal access

Network configuration

As shown in Figure-1, the server in the internal network provides Web services for external users.

Configure the NAT Server feature to allow the external user to use public address 200.2.2.1/24 to access the internal server.

Figure-1 Network diagram

Software versions used

This configuration example was created and verified on R9900P2705 of the F5000-AI-55-G device.

Restrictions and guidelines

Do not configure both the NAT translation methods and a global NAT policy.

Procedure

  1. Assign IP addresses to interfaces and add the interfaces to security zones.

    # On the top navigation bar, click Network.

    # From the navigation pane, select Interface Configuration > Interfaces.

    # Click the Edit icon for GE 1/0/1.

    # In the dialog box that opens, configure the interface:

    1. Select the Untrust security zone.

    2. On the IPv4 Address tab, enter the IP address and mask of the interface. In this example, enter 200.2.2.254/24.

    3. Click OK.

    # Add GE 1/0/2 to the Trust security zone and set its IP address to 172.16.100.254/24 in the same way you configure GE 1/0/1.

  2. Configure a security policy.

    # On the top navigation bar, click Policies.

    # From the navigation pane, select Security Policies > Security Policies.

    # Click Create and click Create a policy.

    # In the dialog box that opens, configure policy parameters as follows:

    1. Enter a policy name. In this example, the name is Secpolicy.

    2. Select the source zone. In this example, the source zone is Untrust.

    3. Select the destination zone. In this example, the destination zone is Trust.

    4. Select IPv4 as the type.

    5. Select Permit as the action.

    6. Specify the IP address of the host as the source IPv4 address. In this example, the address is 100.100.100.100.

    7. Specify the IP address of the server as the destination IPv4 address. In this example, the address is 172.16.100.1.

    8. Click Apply.

  3. Configure a NAT server rule.

    # On the top navigation bar, click Policies.

    # From the navigation pane, select Interface NAT > IPv4 > NAT Servers.

    # Click Create.

    # Create a NAT server rule, as shown in Figure-2.

    Figure-2 Creating a NAT server rule

    # Click Apply.
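The following added example (not part of the original page or the vendor's documentation) models in Python why Secpolicy names the server's private address 172.16.100.1 rather than 200.2.2.1, and checks for rules written against the public address. It assumes the NAT server rule in Figure-2 maps 200.2.2.1 to 172.16.100.1, that destination translation happens before the policy lookup, and that unmatched traffic is denied; all function and variable names are illustrative.

```python
import ipaddress

# Addresses come from the procedure above. The 200.2.2.1 -> 172.16.100.1 mapping is
# an assumption inferred from the text, because Figure-2 is not reproduced here.
ZONES = {  # security zone -> network connected to its member interface
    "Untrust": ipaddress.ip_network("200.2.2.0/24"),   # GE 1/0/1
    "Trust": ipaddress.ip_network("172.16.100.0/24"),  # GE 1/0/2
}
NAT_SERVERS = {ipaddress.ip_address("200.2.2.1"): ipaddress.ip_address("172.16.100.1")}
POLICIES = [{
    "name": "Secpolicy", "src_zone": "Untrust", "dst_zone": "Trust",
    "src": ipaddress.ip_network("100.100.100.100/32"),
    "dst": ipaddress.ip_network("172.16.100.1/32"),
    "action": "permit",
}]


def zone_of(addr):
    """Return the zone whose connected network contains addr, or None."""
    return next((name for name, net in ZONES.items() if addr in net), None)


def evaluate(src, dst, in_zone="Untrust", policies=POLICIES):
    """Model one inbound packet: destination NAT first, then the policy lookup.

    Returns (verdict, matched_rule_name, translated_destination).
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    real_dst = NAT_SERVERS.get(dst, dst)  # NAT server rewrites the destination
    out_zone = zone_of(real_dst)          # egress zone follows the translated address
    for p in policies:
        if (p["src_zone"] == in_zone and p["dst_zone"] == out_zone
                and src in p["src"] and real_dst in p["dst"]):
            return p["action"], p["name"], str(real_dst)
    return "deny", None, str(real_dst)    # assumed implicit deny when no rule matches


def audit(policies):
    """Names of rules whose destination covers a NAT server public address but not
    the private address behind it, so they cannot match after translation."""
    return [p["name"] for p in policies
            if any(pub in p["dst"] and priv not in p["dst"]
                   for pub, priv in NAT_SERVERS.items())]


if __name__ == "__main__":
    print(evaluate("100.100.100.100", "200.2.2.1"))  # the host from the example
    print(evaluate("100.100.100.101", "200.2.2.1"))  # any other external source
```
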

Verifying the configuration

  1. Verify that the host can successfully ping the public address.

    C:\Users\abc>ping 200.2.2.1

    Pinging host.com [200.2.2.1] with 32 bytes of data:

    Reply from 200.2.2.1: bytes=32 time<1ms TTL=253

    Reply from 200.2.2.1: bytes=32 time<1ms TTL=253

    Reply from 200.2.2.1: bytes=32 time<1ms TTL=253

    Reply from 200.2.2.1: bytes=32 time<1ms TTL=253

    Ping statistics for 200.2.2.1:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

  2. Verify that a NAT session is generated when the host accesses the internal server.

    # On the top navigation bar, click Monitor.

    # From the navigation pane, select Sessions.

    Figure-3 Session list