IP Router Configuration
7705 SAR OS Router Configuration Guide 51
The configurable outside NAT pool for the source IP address and source port can be either a
range of addresses and ports or a unique IP address and port.
The 7705 SAR also supports a single public IP address so that all inside (private) source IP
addresses can be mapped to a single outside IP address and a range of ports. In this case, the
interface name can be assigned to the NAT pool configuration. For ease of configuration, any
local interfaces on the 7705 SAR can be assigned to the NAT pool (for example, local Layer
3 interfaces, loopback interfaces).
By assigning the Layer 3 interface name, the NAT pool inherits the IP address of that specific
interface. For a DHCP client, the NAT pool IP address can change based on the IP address
assigned to the interface by the DHCP server. If the interface IP address changes, all
associated NAT sessions are cleared and re-established.
Local Traffic and NAT
Source NAT does not support self-generated traffic such as OSPF, BGP, or LDP.
Only packets transiting the 7705 SAR node have NAT applied to them. Any packet arriving
on the 7705 SAR with a local IP address will be checked against active NAT sessions on the
datapath (6-tuple lookup), and if there is no match, the packet is sent to the CSM for
processing as local traffic.
Port Forwarding (Static Destination NAT)
Port forwarding consists of mapping an outside destination port to an inside destination IP
address and port. For example, a packet arriving from outside on port X and using a UDP
protocol (from any IP address) is mapped to an inside destination port and destination IP
address.
A typical use of port forwarding is shown in Figure 5. Each inside application is uniquely
accessible via an outside port. For example, the surveillance camera behind the 7705 SAR
can be reached via the UDP protocol and port 50. Any packet from any IP address arriving
on destination port 50 is mapped to an internal destination IP address of 192.168.1.3 and
destination port 50.
Note: Using port forwarding for well-known ports can disrupt in-band local management
traffic.
To Next Page
Loading...
