How to Create and View NAT Rules on the CLI

by rupalekar on 10-15-2014 06:34 PM - edited on 07-25-2016 12:26 PM by (18,538 Views)

This document describes how to create and view NAT rules on the CLI (command line interface).

 

 

Use the following command to create a NAT rule on the CLI:

# set rulebase nat rules <NAT Rule Name> description <Description of NAT Rule> from <Source Zone> to <Destination Zone> service <Service Type> source <Source IP Address> destination <Destination IP Address> source-translation <Type of Source Translation> interface-address interface <Interface Port Number>

 

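The example below creates a NAT rule named StaticNAT that translates the source to the address of interface ethernet1/4 using dynamic IP and port. Despite its name, the rule performs dynamic-ip-and-port source translation rather than a one-to-one static mapping.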

> configure
# set rulebase nat rules StaticNAT description staticNAT from DMZ to L3-Untrust service any source any destination any source-translation dynamic-ip-and-port interface-address interface ethernet1/4
# commit
# exit

 

Once committed, use the following command to confirm creation of the NAT rule.

> show running nat-policy

 

StaticNAT {
        from DMZ;
        source any;
        to L3-Untrust;
        to-interface  ;
        destination any;
        service  any/any/any;
        translate-to "src: ethernet1/4 10.46.40.56 (dynamic-ip-and-port) (pool idx: 2)";
        terminal no;
}
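
To review many rules at once, the output above can be parsed into one row per rule. The Python below is an added example, not part of the original article or any vendor tooling: it assumes the "src:" translate-to layout shown above, and the WebOut rule with its addresses and service string is constructed for illustration. It also flags rules that match any source, any destination and any service.

```python
import re

# First rule: the "show running nat-policy" output from this article.
# Second rule (WebOut): constructed sample in the same layout.
SAMPLE = '''
StaticNAT {
        from DMZ;
        source any;
        to L3-Untrust;
        to-interface  ;
        destination any;
        service  any/any/any;
        translate-to "src: ethernet1/4 10.46.40.56 (dynamic-ip-and-port) (pool idx: 2)";
        terminal no;
}
WebOut {
        from Trust;
        source 192.0.2.0/24;
        to L3-Untrust;
        destination any;
        service  any/tcp/443;
        translate-to "src: ethernet1/3 198.51.100.7 (dynamic-ip-and-port) (pool idx: 3)";
}
'''
RULE = re.compile(r'^(\S+)\s*\{\s*$(.*?)^\}', re.M | re.S)   # Name { ... }
FIELD = re.compile(r'^\s*([\w-]+)\s*(.*?);\s*$', re.M)       # key value;
XLATE = re.compile(r'src: (\S+) (\S+) \(([\w-]+)\)')         # iface ip (type)

def parse_nat_policy(text):
    """Return {rule name: {field: value}} for every 'Name { ... }' block."""
    return {name: {k: v.strip().strip('"') for k, v in FIELD.findall(body)}
            for name, body in RULE.findall(text)}

def mapping_report(rules):
    """One row per rule: zones, source match, translation and a 'broad' flag."""
    rows = []
    for name, f in rules.items():
        m = XLATE.search(f.get('translate-to', ''))
        iface, ip, kind = m.groups() if m else (None, None, None)
        # any source, destination and service: matches all traffic between the zones
        broad = all(f.get(k) == v for k, v in
                    (('source', 'any'), ('destination', 'any'), ('service', 'any/any/any')))
        rows.append({'rule': name, 'from': f.get('from'), 'to': f.get('to'),
                     'source': f.get('source'), 'interface': iface,
                     'translated_ip': ip, 'type': kind, 'broad': broad})
    return rows

if __name__ == '__main__':
    for row in mapping_report(parse_nat_policy(SAMPLE)):
        print(row)
```

Rules whose translate-to string does not follow the "src:" layout are still listed, with the translation columns left empty.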

 

owner: rupalekar

Comments
by VijayChandar
on 12-18-2017 05:41 PM

Would be really nice to run a report that shows only NAT address mappings.

by
on 12-19-2017 02:54 AM

Hi @VijayChandar,

If you reach out to your local sales team and have them file a feature request, that might just become available in the future.
