Name: Enterasys Matrix DFE-Gold Series
Brand: Enterasys
Rating: 4 (1 reviews)

To Next Page

To Previous Page

Enterasys Matrix DFE-Gold Series Configuration Guide 18-1

Network Address Translation (NAT) Configuration

ThischapterdescribestheNetworkAddressTranslation(NAT)configurationsetofcommands

andhowtousethem.

Configuring Network Address Translation (NAT)

TheEnterasysNetworkAddressTranslation(NAT)implementationsupportsBasicNATand

NetworkAddressPortTranslation(NAPT).Inaddition,thefollowingfeaturesarealsosupported:

•StaticandDynamicNATPoolBinding

•FTP,DNS,TELNET,SSH,TFTP,HTTP,NTP(NetworkTimeProtocol),andICMP(withfive

differenterrormessages)softwarepathNATtranslation

•Force

Flows(SecurePlus)

BothbasicNATandNAPTarereferredtoastraditionalNATandprovideamechanismtoconnect

arealmwithprivateaddressestoanexternalrealmwithgloballyuniqueregisteredaddresses.

BasicNATisamethodbywhichIPaddressesaremappedfromonegrouptoanother,transparent

totheenduser.NAPTisamethodbywhichmanynetworkaddresses,alongwiththeirassociated

TCP/UDPports,aretranslatedintoasinglenetworkaddressanditsassociatedTCP/UDPports.

ThestaticaddressbindingfeatureisdesignedforboththebasicNATandNAPTimplementations

tosupportstaticandno

expirebinding,betweeninsideandoutsideNATaddresstranslation.It

supportsone‐to‐onebinding,localaddressestoglobaladdresses,andTCP/UDPportnumber

translations.

ThedynamicaddressbindingfeatureisdesignedforboththebasicNATandNAPT

implementationstosupportdynamicbindingbetweenanaddressfromanaccess‐list

oflocal

addressestoanaddressfromapoolofglobaladdresses.IPaddressesdefinedfordynamic

bindingarereassignedwhenevertheybecomeavailablefromtheglobaladdresspool.NAPT

allowsportaddresstranslationforeachIPaddressintheglobalpool.Theportsaredynamically

assignedbetweenarangeof

1024to4999.

Itissometimespossibleforahostontheoutsideglobalnetworkthatknowsaninsidelocal

address,tobeabletosendamessagedirectlytotheinsidelocaladdresswithoutNATtranslation.

Theforceflowsfeature,setusingthecommandipnatsecure‐plusonpage 18

‐7,isdesignedtoforce

allflowsbetweentheinsidelocalpoolandtheoutsideglobalnetworktobetranslated.

Router: Unless otherwise noted, the commands covered in this chapter can be executed only

when the device is in router mode. For details on how to enable router configuration modes, refer to

“Enabling Router Configuration Modes” on page 2-103.

Note: An Enterasys Feature Guide document that contains a complete discussion on NAT

configuration exists at the following Enterasys web site: http://www.enterasys.com/support/

manuals/

Brand	Enterasys
Model	Matrix DFE-Gold Series
Category	Switch
Language	English

Enterasys Matrix DFE-Gold Series User Manual

Table of Contents

Questions and Answers:

Enterasys Matrix DFE-Gold Series Specifications

Related product manuals