EMAIL SUPPORT
dclessons@dclessons.comLOCATION
AFConfiguring Transport side NAT
Configuring Transport side NAT
When a traffic comes from internal local network to external network, NAT is allowed, but when a request comes from external network to internal network, NAT is not allowed. To solve this problem, NAT on Transport-side is to be configured and vEdge router that sites on edge of internal network to be NAT gateway and perform NAT port forwarding called port mapping.
This can be achieved by two steps:
- Configure NAT port Forwarding
- Configure NAT Pools.
Configure NAT port forwarding:
To achieve this Edge router is configured as NAT gateway that performs NAT port forwarding, with this configuration vEdge router sends all packets received on particular port from external interface network to specific device on internal local network
vEdge(config)# vpn 0
vEdge(config-vpn)# interface ge slot/port
vEdge(config-interface)# nat
vEdge(config-nat)# port-forward port-start port-number1 port-end port-number2 proto (tcp | udp) private-vpn vpn-id private-ip-address ip-address
Port-stat and port-end options defines the desired range of TCP or UDP ports , any packet whose destination port matches the configured port or ports are forwarded to internal server.
For each rule specify the Private VPN in which internal server resides and also ip address of the internal server and total of 128 rules can be created.
Configure NAT Pools:
In this you configure NAT Pool of public IP address and map then o private IP address.
vEdge(config)# vpn 0
vEdge(config-vpn)# interface interface-name
vEdge(config-interface)# nat
vEdge(config-nat)# natpool range-start ip-address1 range-end ip-address2
vEdge(config-nat)# static source-ip ip-address1 translate-ip ip-address2 source-vpn vpn-id protocol (tcp | udp) source-port number translate-port number
- Source-ip, is the private source IP address to be NATed
- Translate-ip, is the public IP address to map the private source address. This IP address should be art of NAT Pool addresses that you configure with the natpool
- Source-vpn, is the service-side VPN from which the traffic to be sent.
- Protocol, specify the protocol being used to send the traffic flow
- Source-port and translate-port, specify the number of the source port and the port to which to translate it. The port number can be from 1 through 65535.
LEAVE A COMMENT
Please login here to comment.