Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 129
- Page / 149
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
ServerIron ADX NAT64 Configuration Guide 117
53-1002444-02
Forwarding packets without NAT translation
7
DRAFT: BROCADE CONFIDENTIAL
ServerIronADX(config)# interface ethernet 1/1
ServerIronADX(config-if-e1000-1/1) ip address 30.30.0.1 255.255.0.0
ServerIronADX(config-if-e1000-1/1) ip address 15.15.15.100 255.255.0.0
ServerIronADX(config-if-e1000-1/1) ip nat outside
Forwarding packets without NAT translation
By default, if the ServerIron ADX receives a non-SYN packet for a TCP flow from an internal NAT
client and no existing NAT session is found, the ServerIron ADX will drop that packet.
You can optionally configure the ServerIron ADX to forward such packets without NAT translation by
entering the following command.
ServerIronADX(config)# nat-forward-no-session
Syntax: [no] nat-forward-no-session
The nat-forward-no-session command is required in some special cases (such as when dynamic
NAT is used with VIP overlap) when the ServerIron ADX would drop packets because it cannot locate
the corresponding NAT sessions. This occurs in cases where the remote client open connections to
a real server directly and the ServerIron ADX routes the initial SYN packet to the real server. When
the SYN-ACK packet subsequently arrives from the real server, the ServerIron ADX checks the
session table to locate the corresponding session. However, because the SYN-ACK packet does not
belong to the an session from the real server itself, there will be no corresponding session.
Therefore, the ServerIron ADX will not find the session table entry and would drop it. If the
nat-forward-no-session command is configured, the SYN-ACK packet is not dropped and is
forwarded to remote client.
IP NAT with VIP overlap
The ServerIron ADX can be configured to use an IP address assigned to a virtual server as a
dynamic NAT pool IP.
In this configuration, the connections initiated from inside going out will be translated and will take
the source IP of the virtual server. The return traffic to these already established connections will
be routed back to the host that initiated this connection. At the same time, a connection initiated by
an outside host coming in to the virtual server, will be load balanced and sent to a real server.
The access list (ACL) defining the traffic for this scenario can contain both real servers already
bound to the virtual server, as well as any other hosts on the same subnet. Brocade recommends
that for this scenario, the dynamic NAT pool should only contain a single IP address, that is, the
virtual server IP address.
Figure 21 illustrates an example where IP NAT is configured with VIP overlap.
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 9
- Command syntax conventions 10
- Notice to the reader 11
- Related publications 11
- Getting technical help 11
- NAT64 and NAT46 Overview 13
- Stateless NAT46 translation 14
- Protocol support 15
- NAT64 fragmentation support 17
- References 18
- Stateful NAT64 Configuration 19
- Operation of stateful NAT64 20
- 53-1002444-02 23
- Enabling connection logging 28
- Displaying NAT64 information 31
- Displaying NAT64 translations 32
- Displaying NAT64 statistics 33
- Displaying NAT64 resources 37
- Stateless NAT64 Configuration 39
- Operation of stateless NAT64 40
- High availability for NAT64 52
- Clearing NAT64 information 53
- Stateless NAT46 Configuration 55
- Operation of stateless NAT46 56
- High availability for NAT46 67
- Displaying NAT46 information 68
- Clearing NAT46 information 69
- Access Control Lists 71
- Rule-based ACLs 72
- Default ACL action 74
- ACL IDs and entries 74
- Configuring rule-based ACLs 77
- Modifying rule-based ACLs 85
- Reordering ACLs 86
- Applying ACLs to interfaces 87
- Adding comments to named ACLs 89
- ACL logging 94
- Displaying ACL log entries 95
- Clearing the ACL statistics 97
- Throttling the fragment rate 98
- DRAFT: BROCADE CONFIDENTIAL 100
- Enabling strict TCP mode 101
- Enabling strict UDP mode 102
- ACLs and ICMP 103
- Numbered ACLs 104
- Named ACLs 105
- • Enable the strict TCP mode 107
- IPv6 Access Control Lists 109
- Configuration notes 110
- Processing of IPv6 ACLs 110
- Configuring IPv6 ACLs 111
- IPv6 ACL syntax 114
- Syntax Description 116
- Displaying IPv6 ACLs 118
- Logging IPv6 ACLs 119
- Network Address Translation 121
- Configuring NAT 122
- Configuring static NAT 123
- Configuring dynamic NAT 123
- Enabling IP NAT 124
- NAT configuration examples 125
- IP NAT with VIP overlap 129
- Translation timeouts 130
- Stateless static IP NAT 132
- IP NAT redundancy 133
- Displaying NAT information 144
- Displaying NAT translation 147
- Displaying VRRPE information 148
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(16 pages)
(82 pages)© 2020, manymanuals.com. All rights reserved. | 0.729 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals