Port Address Translation
The concept behind PAT is the same as for NAT. A pool of addresses is not needed because only
one address services all devices. The two commands that are needed for the 700 to use PAT are
set ip pat on
set ip pat porthandler port ip-address
where port is the transport layer port for the application and ip-address is the local address of
the device.
Once you enter the set ip pat on command, the single address that is used for the translation is
included in the port handler assignment. The port handler is unique to the 700 series router. The
port handler declares which ports are translated. Earlier, the chapter explained how an access
list declares which traffic will be translated for Cisco IOS Software-based routers. Here,
however, the selection is made on a port basis, and a 700 series router can hold up to 15 port
handler statements. Figure 11-9 shows the port handler in use.
Figure 11-9 Using the Port Handler for PAT
Traffic for the FTP and HTTP servers is translated when it is sent using the Router profile. The
address to which it is translated is the address of the interface that is in use at the time. In
the example in the figure, FTP packets from the outside world that are destined for 155.5.5.2
(the 700 series router's ISDN interface address) are translated to 10.0.0.22--the inside FTP
server. Likewise, HTTP packets addressed to the 155.5.5.2 address are translated to 10.0.0.25--
the HTTP server.
[Figure 11-9 diagram: a 700 series router connects the inside FTP server (10.0.0.22) and HTTP
server (10.0.0.25) to the ISDN network (155.5.5.0/24). Configuration shown in the figure:]
>set system MY700
MY700>set user router
MY700:Router>set ip pat on
MY700:Router>cd
MY700>set ip pat port ftp 10.0.0.22
MY700>set ip pat port http 10.0.0.25
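The port handler table from Figure 11-9 can be modeled to see exactly which inside services a configuration exposes. This is an added example, not code from the book or from Cisco; the function names, the service-name-to-port mapping, acceptance of numeric ports, and keeping the destination port unchanged are assumptions of the sketch, and it ignores which profile a command was entered in.

```python
import re

MAX_HANDLERS = 15                          # limit stated in the text
SERVICE_PORTS = {"ftp": 21, "http": 80}    # assumption: names map to well-known TCP ports

# Both spellings used on this page: "set ip pat porthandler ..." and "set ip pat port ..."
HANDLER = re.compile(
    r"set ip pat port(?:handler)?\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$", re.I)

# Commands as shown in Figure 11-9
FIGURE_11_9 = """\
>set system MY700
MY700>set user router
MY700:Router>set ip pat on
MY700:Router>cd
MY700>set ip pat port ftp 10.0.0.22
MY700>set ip pat port http 10.0.0.25
"""

def parse_port_handlers(transcript):
    """Return (pat_enabled, {outside_port: inside_ip}) from a CLI transcript."""
    pat_on, table = False, {}
    for raw in transcript.splitlines():
        cmd = raw.split(">", 1)[-1].strip()      # drop a prompt such as "MY700:Router>"
        if cmd.lower() == "set ip pat on":
            pat_on = True
            continue
        m = HANDLER.match(cmd)
        if not m:
            continue
        name, inside_ip = m.group(1).lower(), m.group(2)
        if name not in SERVICE_PORTS and not name.isdigit():
            raise ValueError(f"unknown service name: {name}")
        port = SERVICE_PORTS.get(name) or int(name)   # numeric ports: an assumption
        table[port] = inside_ip
        if len(table) > MAX_HANDLERS:
            raise ValueError(f"more than {MAX_HANDLERS} port handler statements")
    return pat_on, table

def translate_inbound(table, outside_ip, dst_ip, dst_port):
    """Return the inside (ip, port) for an inbound packet, or None if no handler matches."""
    if dst_ip != outside_ip or dst_port not in table:
        return None
    return table[dst_port], dst_port             # assumption: port is left unchanged

if __name__ == "__main__":
    enabled, handlers = parse_port_handlers(FIGURE_11_9)
    for port, ip in sorted(handlers.items()):
        print(f"outside 155.5.5.2:{port} -> inside {ip}:{port}  (PAT on: {enabled})")
```

Each entry in the resulting table is an inside host reachable from the outside interface address, so the table doubles as the list of services to review and harden.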