Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 122
- Page / 149
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
110 ServerIron ADX NAT64 Configuration Guide
53-1002444-02
Configuring NAT
7
DRAFT: BROCADE CONFIDENTIAL
Configuring NAT
The following types of NAT are supported with ServerIron ADX:
• Static NAT: Maps a specific public IP address (Internet IP address) with a specific private
address. Static translation ensures that ServerIron ADX always maps the same public address
to a given private address. For example, you can map a specific host (IP address 10.1.1.1) in
the private network to always use the same Internet address (150.1.1.1) when communicating
outside the private network. The ServerIron ADX supports both inside-to-outside static NAT and
outside-to-inside static NAT.
• Dynamic NAT: Maps a group of private addresses with a pool of global IP addresses that you
configure. For example, in Figure 18 a global pool within the IP address range of
209.157.1.3/24 through 209.157.1.30/24 is mapped with a private IP subnet 10.10.1.0/24.
With dynamic NAT, ServerIron ADX uses a round robin technique to select a global IP address to
map to a private IP address for every new connection. However, the address selection can get
randomized depending on the number of free ports available for the translation.
In order to reliably de-multiplex return traffic to the internal clients, dynamic NAT uses port
address translation (PAT), whereby the ServerIron ADX translates the client’s source port into
any free port available with the public IP address.
NOTE
You can configure both dynamic and static NAT on the same device. When you configure both types
of NAT, static NAT takes precedence over dynamic NAT. Thus, if both static and dynamic NAT entries
exist for a private address, the ServerIron ADX will always use the static translation instead of
creating a dynamic one.
PAT
Dynamic NAT uses port address translation (PAT). Because there is no one-to-one mapping
between private addresses and global addresses, PAT maps a client's IP address and TCP/UDP
port to both a global IP address and a TCP/UDP port. In this way, the ServerIron ADX can map many
private addresses to the same public address and use TCP/UDP ports to uniquely identify the
private hosts.
NOTE
PAT is also called overloading an inside global address.
in the following example, using PAT (or overloading) three different private IP addresses with same
source ports are mapped to the same global IP address (209.157.1.2), but with different source
ports. Thus, the translated source ports help to uniquely identify the reverse session for each
dynamic NAT translation.
Inside address Outside address
10.10.10.2:6000 209.157.1.2:1024
10.10.10.3:6000 209.157.1.2:1025
10.10.10.4:6000 209.157.1.2:1026
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 9
- Command syntax conventions 10
- Notice to the reader 11
- Related publications 11
- Getting technical help 11
- NAT64 and NAT46 Overview 13
- Stateless NAT46 translation 14
- Protocol support 15
- NAT64 fragmentation support 17
- References 18
- Stateful NAT64 Configuration 19
- Operation of stateful NAT64 20
- 53-1002444-02 23
- Enabling connection logging 28
- Displaying NAT64 information 31
- Displaying NAT64 translations 32
- Displaying NAT64 statistics 33
- Displaying NAT64 resources 37
- Stateless NAT64 Configuration 39
- Operation of stateless NAT64 40
- High availability for NAT64 52
- Clearing NAT64 information 53
- Stateless NAT46 Configuration 55
- Operation of stateless NAT46 56
- High availability for NAT46 67
- Displaying NAT46 information 68
- Clearing NAT46 information 69
- Access Control Lists 71
- Rule-based ACLs 72
- Default ACL action 74
- ACL IDs and entries 74
- Configuring rule-based ACLs 77
- Modifying rule-based ACLs 85
- Reordering ACLs 86
- Applying ACLs to interfaces 87
- Adding comments to named ACLs 89
- ACL logging 94
- Displaying ACL log entries 95
- Clearing the ACL statistics 97
- Throttling the fragment rate 98
- DRAFT: BROCADE CONFIDENTIAL 100
- Enabling strict TCP mode 101
- Enabling strict UDP mode 102
- ACLs and ICMP 103
- Numbered ACLs 104
- Named ACLs 105
- • Enable the strict TCP mode 107
- IPv6 Access Control Lists 109
- Configuration notes 110
- Processing of IPv6 ACLs 110
- Configuring IPv6 ACLs 111
- IPv6 ACL syntax 114
- Syntax Description 116
- Displaying IPv6 ACLs 118
- Logging IPv6 ACLs 119
- Network Address Translation 121
- Configuring NAT 122
- Configuring static NAT 123
- Configuring dynamic NAT 123
- Enabling IP NAT 124
- NAT configuration examples 125
- IP NAT with VIP overlap 129
- Translation timeouts 130
- Stateless static IP NAT 132
- IP NAT redundancy 133
- Displaying NAT information 144
- Displaying NAT translation 147
- Displaying VRRPE information 148
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(16 pages)
(82 pages)© 2020, manymanuals.com. All rights reserved. | 1.032 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals