Enterasys Matrix DFE-Gold Series

944 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

Configuring Network Address Translation (NAT)

18-2 Network Address Translation (NAT) Configuration

NATworkswithDNSbyhavingtheDNSApplicationSpecificGateway(ALG)translatean

addressthatappearsinaDomainNameSystemresponsetoanameorinverselookup.

NATworkswithFTPbyhavingtheFTPALGtranslatetheFTPcontrolpayload.BothFTPPORT

CMDpacketsandPASVpackets,

containingIPaddressinformationwithinthedataportion,are

supported.

TheNATimplementationalsosupportsthetranslationoftheIPaddressembeddedinthedata

portionoffollowingtypesofICMPerrormessage:destinationun reachable(type3),sourcequench

(type4),redirect(type5),timeexceeded(type11)andparameterproblem(type12).

Purpose

TodisplayandsetNATandNAPTconfigurationincludingdynamicpools,staticanddynamic

NATconfigurations,FTPcontrolport,ForceFlows,maximumentriesandtimeoutvalues,and

clearactivetranslations.

NAT Configuration Task List and Commands

Table 18‐1liststhemandatoryandoptionaltasksandcommandsforconfiguringNATonthe

EnterasysMatrixSeriesdevice.Commandsaredescribedintheassociatedsectionsasshown.

Table 18-1 NAT Configuration Task List and Commands

Task Use these commands...

Enable NAT on an inside or outside interface. ip nat {inside | outside}

Define a NAT address pool. ip nat pool name start-ip-address

end-ip-address {netmask netmask |

prefix-length prefix-length}

Enable dynamic translation of inside source addresses. ip nat inside source [list access-list] pool

pool-name [overload | interface vlan vlan-id

[overload]]

Enable static NAT translation of inside source addresses. ip nat inside source static local-ip global-ip

Enable static NAPT translation of inside source

addresses.

ip nat inside source static {tcp | udp} local-ip

local-port global-ip global-port

Specify the NAT FTP control port. ip nat ftp-control-port port-number

Block the defined inside IP addresses from ever

appearing on an outside interface.

ip nat secure-plus

Configure the maximum number of translation entries. ip nat translation max-entries number

Configure NAT translation timeout values. ip nat translation {timeout | udp-timeout |

tcp-timeout | icmp-timeout | dns-timeout |

ftp-timeout} seconds

Display active NAT translations. show ip nat translations [verbose]

Display NAT translation statistics. show ip nat statistics [verbose]

Clear dynamic NAT translations. clear ip nat translation

Clear a specific active simple NAT translation. clear ip nat translation inside global-ip

local-ip

Clear a specific dynamic NAT translation. clear ip nat translation {tcp | upd} inside

global-ip global-port local-ip local-port

Table of Contents

Related product manuals

Preview: Enterasys Matrix 2G4072-52

Enterasys Matrix 2G4072-52

Preview: Enterasys Matrix E1 1H582-51

Enterasys Matrix E1 1H582-51

Enterasys Matrix E1 1G694-13

Preview: Enterasys Matrix-V V2H124-24

Enterasys Matrix-V V2H124-24

Preview: Enterasys C3G124-24

Enterasys C3G124-24

Preview: Enterasys B5G124-24

Enterasys B5G124-24

Enterasys A4H124-48P

Preview: Enterasys B5G124-24P2

Enterasys B5G124-24P2

Preview: Enterasys SecureStack C2

Enterasys SecureStack C2

Enterasys SSA-G1018-0652

Preview: SecureStack B3 B3G124-24P

SecureStack B3 B3G124-24P

Preview: SecureStack B2 B2G124-48P

SecureStack B2 B2G124-48P