Specifications

September 08, 2010
NAT Overview
This section provides an overview of NAT configuration.
NAT Configuration
A traditional NAT configuration is made up of a private network or intranet, a public network, and a router that interconnects the two networks. The private network is made up of one or more hosts and devices, each assigned an inside (internal) address that is not intended to be directly connectable to a public network host or device. The public network hosts or devices have outside (external) uniquely registered public addresses. The router interconnecting the private and public networks supports traditional NAT. It is NAT's responsibility to translate the inside address to a unique outside address to facilitate communication with the public network for intranet devices.
NAT allows translations between IP addresses. NAPT allows translations between multiple inside addresses and their associated ports and a single outside IP address and its associated ports. NAT and NAPT support both static and dynamic inside address translation.
Static Inside Address Translation
Static inside address translations are one-to-one bindings between the inside and outside IP addresses. A static address binding does not expire until the command that defines the binding is negated. When configuring NAT for static inside address translation, you assign a local IP address and a global IP address to the binding. When configuring NAPT for static inside address translation, you assign a local IP address and one of its associated L4 ports and a global IP address and one of its associated L4 ports to the binding. You also specify whether the packet protocol is TCP or UDP for this binding.
NAT Static Inside Address Translation
Figure 1 on page 4 displays a basic NAT static inside address translation overview. Client1 has a source address of 10.1.1.1 (its own IP address) and a destination address of 200.1.1.50 (the Server1 IP address). The static translation is configured between the local IP address (Client1's own IP address) and the global IP address 200.1.1.1 (an available public network address).
A packet arrives at the NAT router from Client1 with a source address of 10.1.1.1, but leaves the NAT router with a source address of 200.1.1.1. In both cases the destination is Server1's IP address of 200.1.1.50. From Server1's point of view, Client1's IP address is 200.1.1.1. Server1 doesn't know anything about Client1's actual IP address of 10.1.1.1.
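The static NAT and NAPT bindings described above, modeled as a small translation table. This is an added example, not Enterasys code or CLI. It goes beyond the text by also showing the reverse (outside to inside) lookup, which is why a static binding makes the inside host reachable at its global address. The 10.1.1.2 and 200.1.1.2 addresses, all port numbers, and the choice to check NAPT bindings before NAT bindings are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class StaticTranslator:
    """Toy model of static inside address translation (not vendor code)."""
    def __init__(self):
        self.nat = {}    # local IP -> global IP (NAT, one-to-one)
        self.napt = {}   # (proto, local IP, L4 port) -> (global IP, L4 port)

    def add_nat(self, local_ip, global_ip):
        if global_ip in self.nat.values():
            raise ValueError("static NAT bindings are one-to-one")
        self.nat[local_ip] = global_ip

    def add_napt(self, proto, local_ip, local_port, global_ip, global_port):
        self.napt[(proto, local_ip, local_port)] = (global_ip, global_port)

    def outbound(self, p):
        """Inside to outside: only the source is rewritten."""
        hit = self.napt.get((p.proto, p.src_ip, p.src_port))
        if hit:
            return replace(p, src_ip=hit[0], src_port=hit[1])
        if p.src_ip in self.nat:
            return replace(p, src_ip=self.nat[p.src_ip])
        return None  # no static binding for this source

    def inbound(self, p):
        """Outside to inside: the reverse lookup rewrites the destination."""
        for (proto, l_ip, l_port), g in self.napt.items():
            if (proto, *g) == (p.proto, p.dst_ip, p.dst_port):
                return replace(p, dst_ip=l_ip, dst_port=l_port)
        for l_ip, g_ip in self.nat.items():
            if g_ip == p.dst_ip:
                return replace(p, dst_ip=l_ip)
        return None  # destination is not a bound global address

def demo():
    r = StaticTranslator()
    r.add_nat("10.1.1.1", "200.1.1.1")                    # binding from the text
    r.add_napt("tcp", "10.1.1.2", 8080, "200.1.1.2", 80)  # constructed NAPT binding
    out = r.outbound(Packet("tcp", "10.1.1.1", 40000, "200.1.1.50", 80))
    back = r.inbound(Packet("tcp", "200.1.1.50", 80, "200.1.1.1", 40000))
    napt_in = r.inbound(Packet("tcp", "200.1.1.50", 51000, "200.1.1.2", 80))
    return out, back, napt_in
```

Because the NAPT binding is keyed on protocol as well as port, a UDP packet sent to 200.1.1.2 port 80 matches nothing in this model and is left untranslated.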
Notes: NAT is currently supported on the S-Series and N-Series products. This document details
the configuration of NAT for the S-Series and N-Series products.
NAT is an advanced routing feature that must be enabled with a license key on the N-Series router.
An advanced routing license is currently not required on the S-Series platform. If you have
purchased an advanced license key, and have enabled routing on the device, you must activate
your license as described in the configuration guide that comes with your Enterasys N-Series
product in order to enable the NAT command set. If you wish to purchase an advanced routing
license, contact Enterasys Networks Sales.
A minimum of 256 MB of memory is required on all modules in order to enable NAT. See the
SDRAM field of the show system hardware command to display the amount of memory installed
on a module. An N-Series module memory can be upgraded to 256 MB using the DFE-256MB-UGK
memory kit.