Specifications
Chapter 5. Configuring Software Options
If NAT translation is enabled for the Input interface, NAT translation is performed.
Forward Phase
At this stage, the router uses its routing table to determine to which interface or link the packet is sent. It then
applies the Forward filters based on the Input interface information. Next the router applies the Forward
filters based on the Output interface information.
Output Phase
If NAT translation is enabled for the Output interface, then NAT translation is performed. The router
examines the Output filters for this interface and handles the IP packet based on the first Output filter that
matches the packet.
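The Forward and Output phases above, modeled as an added Python example (not code from the manual or from the router). It assumes the Output phase applies NAT before the Output filters are examined, as the order of the text suggests, and uses the rule stated under Filter Actions that a packet matching no filter is accepted; the interface names, addresses and filter representation are constructed.

```python
# Added illustration (not from the manual): a model of the Forward and Output phases.
ACCEPT, DROP, REJECT = "accept", "drop", "reject"

def first_match(filters, packet):
    """Action of the first filter whose fields all equal the packet's; accept if none match."""
    for fields, action in filters:
        if all(packet.get(k) == v for k, v in fields.items()):
            return action
    return ACCEPT  # no filter matched at this point

def process(packet, routes, ifaces):
    """Run one packet through the Forward and Output phases; return (verdict, trace)."""
    trace = []
    in_if = packet["in_if"]
    out_if = routes.get(packet["dst"], routes["default"])  # routing-table lookup
    # Forward phase: Forward filters of the Input interface, then of the Output interface.
    for iface in (in_if, out_if):
        action = first_match(ifaces[iface]["forward"], packet)
        trace.append(("forward@" + iface, action))
        if action != ACCEPT:
            return action, trace
    # Output phase: NAT (if enabled) is applied before the Output filters are examined.
    if ifaces[out_if]["nat"]:
        # Source address becomes the router's; the real feature also assigns a new port.
        packet = dict(packet, src=ifaces[out_if]["addr"])
        trace.append(("nat@" + out_if, packet["src"]))
    action = first_match(ifaces[out_if]["output"], packet)
    trace.append(("output@" + out_if, action))
    return action, trace

def demo():
    """Constructed sample: block LAN host 192.168.1.10 with one rule placed at two points."""
    routes = {"default": "wan0"}
    packet = {"in_if": "eth0", "src": "192.168.1.10", "dst": "198.51.100.7"}
    block_host = ({"src": "192.168.1.10"}, DROP)
    def ifaces(lan_forward, wan_output):
        return {"eth0": {"nat": False, "addr": "192.168.1.1", "forward": lan_forward, "output": []},
                "wan0": {"nat": True, "addr": "203.0.113.5", "forward": [], "output": wan_output}}
    # Rule as an Output filter on the NAT interface: source is already translated, so no match.
    at_output = process(packet, routes, ifaces([], [block_host]))
    # Same rule as a Forward filter on the LAN interface: evaluated before NAT, so it matches.
    at_forward = process(packet, routes, ifaces([block_host], []))
    return at_output, at_forward

if __name__ == "__main__":
    for verdict, trace in demo():
        print(verdict, trace)
```

In this model, an Output filter written against the internal address falls through to the default accept on the NAT interface, while the same rule placed as a Forward filter on the LAN interface drops the packet.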
Configuring Filters with Network Address Translation Enabled
General NAT Information
Network Address Translation is an IP address conversion feature that translates a PC's local (internal) address
into a global (outside/Internet) IP address. NAT is needed when a PC (or several PCs) on a Local Area
Network wants to connect to the Internet or get to a remote network that uses global, registered addresses:
NAT swaps the local IP address with a global IP address: the IP address and port information that the PC uses
are remapped (changed) to the IP address that was assigned to the router and a new port number is assigned.
Note: The preceding section, Filters and Interfaces, describes how NAT "behaves" for each filtering phase.
Filter Actions
Each packet is compared to filters at each implementation point (Input, Forward, and Output). If no filter at a
particular point matches the incoming IP packet, the packet is accepted. If a filter does match the packet, the filter
initiates one of the following possible actions:
Accept
When the packet is accepted at a filter interface (Input, Forward, or Output), the router lets it proceed for
further processing.
Drop
With Drop, the packet is discarded.
Reject
With Reject, an ICMP (Internet Control Message Protocol) REJECT is sent to reject the packet.
Pass to IPSec
Two actions, inipsec and outipsec, pass the packet to IPSec for further processing. The inipsec action is
for packets coming from the other IPSec gateway; it passes the packet to IPSec for decrypting. The outipsec