The CLI command # ip nat global add <gladdr> is used to configure the default global address.
Correspondingly, the user defined global address can be deleted using the CLI command # ip nat
global del <gladdr>.
Though the CLI command # ip nat global add <gladdr> allows the user to define
more than one global address, in practice, only the first address in the NAT Global
Address table will be used.
Please note that translation of outbound TCP/UDP fragmented datagrams will fail with NAT enabled. The
reason is that only the first fragment contains the TCP/UDP header that would be necessary to associate
the packet to a session for translation purposes. Subsequent fragments do not contain TCP/UDP port
information, but simply carry the same fragmentation identifier specified in the first fragment.
Consequently, the sessions will be corrupted. Whether NAT drops or forwards ICMP fragmented packets
depends on a number of things, such as the order in which the NAT router receives the ICMP fragments
and the state of the translation table at that time. Under certain conditions, NAT translates the ICMP
fragments differently, making it impossible for the destination device to reassemble the packet.
To view the currently configured dynamic NAPT entries, type the CLI command: # ip nat show.
Example:
# ip nat global add 10.10.1.10
# ip nat show
NAT Configuration
-----------------
Network Address Port Translation (NAPT): Enabled
Global Address Table
If IP Address
dvb0 10.10.1.10
NAT Status
----------
Total Sessions 0
Active Sessions 0
Failed Sessions 0
Packet Translations 0
10.1.2 Configuration of Static NAPT
Static NAPT is used to map incoming connections to different local hosts dependent on their TCP/UDP
port number.
When using static NAPT, both the IP addresses and port numbers of the incoming packets will be
substituted with the IP addresses and port numbers that are defined using the CLI command:
# ip nat napt add <gladdr> <glport
-first
>[<port range>]<locaddr>
[<locport>][<if>]
To Next Page
Loading...