5.  The internal host receives the DNS response, and obtains the private IP address of the Web 
server. 
DNS mapping can also be used by DNS ALG. The DNS reply from the external DNS server contains 
only the domain name and public IP address of the internal server in the payload. The NAT interface 
might have multiple internal servers configured with the same public IP address but different private 
IP addresses. DNS ALG might find an incorrect internal server by using only the public IP address. If 
a DNS mapping is configured, DNS ALG can obtain the public IP address, public port number, and 
protocol type of the internal server by using the domain name. Then it can find the correct internal 
server by using the public IP address, public port number, and protocol type of the internal server. 
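
The lookup described above can be sketched as follows. This is an added Python illustration, not code from the device or from this guide. The server table, domain names, and addresses are constructed sample data, and the first-match behavior of the IP-only lookup and the fallback order in rewrite_answer are assumptions.

```python
from typing import NamedTuple, Optional

class NatServer(NamedTuple):
    proto: str
    public_ip: str
    public_port: int
    private_ip: str

class DnsMapping(NamedTuple):
    domain: str
    proto: str
    public_ip: str
    public_port: int

# Constructed sample data: two internal servers share one public IP address.
NAT_SERVERS = [
    NatServer("tcp", "203.0.113.10", 21, "10.0.0.5"),  # FTP server
    NatServer("tcp", "203.0.113.10", 80, "10.0.0.6"),  # Web server
]
DNS_MAPPINGS = [
    DnsMapping("ftp.example.com", "tcp", "203.0.113.10", 21),
    DnsMapping("www.example.com", "tcp", "203.0.113.10", 80),
]

def by_public_ip_only(answer_ip: str) -> Optional[str]:
    """No DNS mapping: take the first server with this public IP (assumed)."""
    for s in NAT_SERVERS:
        if s.public_ip == answer_ip:
            return s.private_ip
    return None

def by_dns_mapping(qname: str, answer_ip: str) -> Optional[str]:
    """DNS mapping: domain -> (protocol, public IP, public port) -> server."""
    name = qname.rstrip(".").lower()
    for m in DNS_MAPPINGS:
        if m.domain != name or m.public_ip != answer_ip:
            continue
        key = (m.proto, m.public_ip, m.public_port)
        for s in NAT_SERVERS:
            if (s.proto, s.public_ip, s.public_port) == key:
                return s.private_ip
    return None

def rewrite_answer(qname: str, answer_ip: str) -> str:
    """Address the internal host should see in the DNS reply payload."""
    # Assumed order: DNS mapping first, then IP-only match, else unchanged.
    return (by_dns_mapping(qname, answer_ip)
            or by_public_ip_only(answer_ip)
            or answer_ip)
```

With only the public IP address, a query for www.example.com resolves to the FTP server's private address. With the DNS mapping, it resolves to the Web server.
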
NAT with ALG 
NAT with ALG translates address or port information in the application layer payloads to ensure 
connection establishment. 
For example, an FTP application includes a data connection and a control connection. The IP 
address and port number for the data connection depend on the payload information of the control 
connection. This requires NAT with ALG to translate the address and port information for data 
connection establishment. 
NAT configuration task list 
Tasks at a glance (with remarks):

Perform one or more of the following tasks:
•  Configuring static NAT
•  Configuring dynamic NAT
•  Configuring NAT Server
•  Configuring NAT444
•  Configuring DS-Lite NAT444
Remarks: If you perform all the tasks on an interface, the NAT rules are sorted in the following
order:
•  NAT Server.
•  Static NAT.
•  Static NAT444.
•  Dynamic NAT, dynamic NAT444, and DS-Lite NAT444.
Dynamic NAT, dynamic NAT444, and DS-Lite NAT444 have the same priority. Dynamic NAT rules and
dynamic NAT444 rules are sorted in descending order of ACL numbers and are effective for IPv4
packets. DS-Lite NAT444 rules are effective for IPv6 packets.

(Optional.) Configuring NAT with DNS mapping. Remarks: N/A
(Optional.) Configuring NAT hairpin. Remarks: N/A
(Optional.) Configuring NAT with ALG. Remarks: N/A
(Optional.) Configuring NAT logging. Remarks: N/A
(Optional.) Enabling sending ICMP error messages for NAT failures. Remarks: N/A
 
NAT configuration restrictions and guidelines 
If fast forwarding load sharing is enabled, response packets sent or received on a different interface 
than request packets are NATed according to fast forwarding entries. If fast forwarding load sharing 
is disabled, these packets cannot be NATed. For more information about fast forwarding load sharing, 
see "Configuring fast forwarding."