Specifications

ManualsBrandsEnterasys ManualsComputer equipmentN Standalone (NSA) Series

131

132

133

134

135

136

137

138

139

140

NAT Overview

September 08, 2010 Page 5 of 18

Figure 2 Basic NAPT Static Inside Address Translation

Dynamic Inside Address Translations

Dynamicaddressbindingsareformedfromapre‐configuredaccess‐listoflocalinsideaddresses

andapre‐configuredaddresspoolofpublicoutsideaddresses.Access‐listsareconfiguredusing

theaccess‐listcommand.Addresspoolsareconfiguredusingtheipnatpoolcommand.

IPaddressesdefinedfordynamicbindingsare

reassignedwhenevertheybecomefree.Unlikea

statictranslation whichpersistsuntilthecommandthatdefinesthebindingisnegated,aNAT

translationtimeoutoptionisconfigurablefordynamictranslationsanddefaultsto240seconds.

ThedynamicinsideaddresstranslationdefaultstoNAT.Toconfigureadynamicinsideaddress

translationfor

NAPT,specifytheoverloadoptionwhencreatingthetranslationlist.Globalports

aredynamicallyassignedbetweentherangeof1024and4999.

YoucanalsospecifytheVLANinterfaceoverwhichthistranslationwillbeapplied.Otherwise,

thetranslationappliestoallinterfaces.

NAT Dynamic Inside Address Translation

Figure 3onpage 6displaysabasicNATdynamicinsideaddresstranslationoverview.The

overviewshowstwointernalnetworkclients:Client1andClient2.Theaccess‐listassignedtothis

dynamictranslationmustcontainpermitsfortheIPaddressofeachlocalclient(10.1.1.1and

10.1.1.2).ANATpoolmustbeconfiguredwith

atleastatwoaddressrangeofpubliclyavailableIP

addressesandassignedtothisdynamictranslation.InthiscasethepublicIPaddressrangeisfrom

200.1.1.1to200.1.1.2.ThisisaNATdynamictranslationsowedonotassigntheoverloadoption.

Client1 Walkthrough:

ApacketarrivesattheNATrouterfromClient1withasourceaddressof10.1.1.1,butleavesthe

NATrouterwithasourceaddressfromtheassignedpool,inthiscase:200.1.1.2.Inbothcasesthe

destinationisforServer1’sIPaddressof200.1.1.50.FromServer1’spointofview,Client1’sIP



addressis200.1.1.2.Server1doesn’tknowanythingaboutitsactualIPaddressof10.1.1.1.

WhenServer1respondstoClient1,itspacketarrivesattheNATrouterwithClient1’stranslated

addressof200.1.1.2asthedestinationaddress,butleavestheNATrouterwithClient1’sactual

addressof10.1.1.1asthedestination

address.Server1’sresponseisdeliveredtoIPaddress10.1.1.1.

Client2

10.1.1.2

Server1

200.1.1.50

NAT

ROUTER

DA: 200.1.1.50:80

SA: 200.1.1.1:1025

External

Public

Network

Internal

Private

Network

DA: 200.1.1.1:1025

SA: 200.1.1.50:80

DA: 200.1.1.50:80

SA: 10.1.1.2:125

DA: 10.1.1.2:125

SA: 200.1.1.50:80