Configuring Service Side NAT
In Cisco Viptela, both dynamic NAT and static NAT can be configured in the service VPN of a vEdge router. To configure service-side NAT, follow these steps:
- Configure or Create NAT Pool Interface
- Configure or Create Data Policy to direct data traffic to service side NAT
- Configure Dynamic or Static NAT
Let’s go through these steps one by one.
Create a NAT Pool interface:
The NAT pool interface on the router NATs any data traffic that is directed to it and then sends the traffic toward its destination.
In the required VPN, create the NAT pool interface:
vEdge(config-vpn)# interface natpoolnumber { number from 1 to 31 }
Configure the NAT pool interface's IP address:
vEdge(config-natpool)# ip address prefix/length
The prefix length determines the number of addresses that the router can NAT at one time. For each NAT pool interface, a maximum of 250 IP addresses can be configured.
Enable the interface:
vEdge(config-natpool)# no shutdown
Configure or Create Data Policy to direct data traffic to service side NAT
This step is used when traffic needs to be directed from the service VPN to NAT. A centralized data policy is configured on the vSmart controller, and once traffic matches the policy, the matched traffic is diverted to NAT.
Configure the lists required for the data policy, that is, the lists of VPNs and sites and the matching data prefixes:
vSmart(config-policy-lists)# vpn-list list-name
vSmart(config-policy-vpn-list)# vpn vpn-id
vSmart(config-policy-lists)# site-list list-name
vSmart(config-policy-site-list)# site-id site-id
vSmart(config-policy-lists)# data-prefix-list list-name
vSmart(config-policy-data-prefix-list)# ip-prefix prefix/length
Configure a data policy:
vSmart(config-policy)# data-policy policy-name
vSmart(config-data-policy)# vpn-list list-name
vSmart(config-vpn-list)# sequence number
Configure the desired match conditions:
vSmart(config-sequence)# match condition
In the action, associate matching data traffic with the desired NAT pool:
vSmart(config-sequence)# action accept
vSmart(config-sequence)# nat pool number
Configure the desired default action for the data policy:
vSmart(config-vpn-list)# default-action (accept | reject)
Apply the policy to the desired sites in the overlay network:
vSmart(config)# apply-policy site-list list-name data-policy policy-name from-service
Configure Dynamic NAT:
By default, when a router is configured to act as a NAT device, it performs dynamic NAT, and it can perform dynamic NAT for up to 250 IP addresses across NAT pools.
vEdge(config-vpn)# interface natpoolnumber
vEdge(config-natpool)# ip address prefix/length
vEdge(config-natpool)# no shutdown
vEdge(config-natpool)# nat
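Before pushing the NAT pool configuration, the limits mentioned above (pool numbers 1 to 31, 250 addresses per pool, 250 addresses across pools) can be checked offline. The following Python script is an added example, not Cisco code or part of the original lesson; the function names and sample prefixes are made up for illustration, and it assumes that every address in a prefix counts toward the limit and that overlapping pools are a planning error.

```python
import ipaddress

MAX_POOL_NUMBER = 31   # natpool interfaces are numbered 1 to 31
MAX_ADDRESSES = 250    # limit per pool and across pools, as stated above


def check_nat_pools(pools):
    """pools maps natpool number -> "prefix/length"; returns a list of problems."""
    problems, seen, total = [], {}, 0
    for number, prefix in sorted(pools.items()):
        if not 1 <= number <= MAX_POOL_NUMBER:
            problems.append(f"natpool{number}: number outside 1-{MAX_POOL_NUMBER}")
        try:
            net = ipaddress.ip_interface(prefix).network
        except ValueError as exc:
            problems.append(f"natpool{number}: invalid prefix {prefix!r}: {exc}")
            continue
        # Assumption: every address inside the prefix counts toward the limit.
        if net.num_addresses > MAX_ADDRESSES:
            problems.append(f"natpool{number}: {prefix} holds {net.num_addresses} "
                            f"addresses, limit is {MAX_ADDRESSES}")
        # Assumption: two pools sharing addresses is treated as a planning error.
        for other, other_net in seen.items():
            if net.version == other_net.version and net.overlaps(other_net):
                problems.append(f"natpool{number}: {prefix} overlaps natpool{other}")
        seen[number] = net
        total += net.num_addresses
    if total > MAX_ADDRESSES:
        problems.append(f"all pools: {total} addresses, limit is {MAX_ADDRESSES}")
    return problems


def render_vedge(vpn_id, pools):
    """Emit the vEdge commands from the steps above for an already checked plan."""
    lines = [f"vpn {vpn_id}"]
    for number, prefix in sorted(pools.items()):
        lines += [f" interface natpool{number}", f"  ip address {prefix}",
                  "  no shutdown", "  nat"]
    return "\n".join(lines)


if __name__ == "__main__":
    plan = {1: "10.15.1.4/30", 2: "10.15.2.0/25"}   # constructed sample values
    issues = check_nat_pools(plan)
    print("\n".join(issues) if issues else render_vedge(1, plan))
```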