Allowing both a NAT and route relationship

There may be circumstances in which you want to set up network objects for both network address translation (NAT) and route relationships. For example, if you want to do one of the following:

• Allow a selection of client computers in network "A" NAT access to a server in network "B".
• Allow a different selection of client computers in network "A" route access to a server in network "B".

Allowing a NAT and route relationship

Do this as follows:

To allow both a NAT and route relationship

1. Create computer set "1" containing hosts in network "A" that require a route relationship. You could also use a different network object, such as an IP address range or a computer.

2. Create computer set "2" containing hosts in network "A" that require a NAT relationship.

3. Create a network rule with a route relationship, computer set "1" as the source, and network "B" as the destination.

4. Create a network rule with an NAT relationship, computer set "2" as the source, and network "B" as the destination.

5. Set up a server publishing rule for the server in network "B" to which you want to allow client access. When you set up the server publishing rule, there are essentially two listeners for the network: the network adapter serving network "A" and the IP address of the published server. Computer set "1" can use either of these listeners. Computer set "2" can use only the network adapter serving network "A".