Avaya 1000 Series Configuration Manual page 126

NAT Configurations
outbound interface filter is enabled on a public interface. A check is performed on the outgoing
interface for NAT ability prior to the packet being sent out.
If an outgoing packet matches a static translation route the packet is translated and sent. IF
ACL filters are configured for Address NAT the following actions are taken:
• Packet is translated if it matches a permit rule
• Packet is forwarded, without being translated if it matches a deny rule
• Packet is forwarded to Address NAT module if no rule is matched.
• In the case of Dynamic Address NAT, if the module is not enabled the packet is dropped.
Incoming Packet Translation
Packets returned to the private client from a host in a public network are known as Incoming
Packets. When the packet is received, prior to route lookup, processing of address translation
for the incoming packets takes place. All inbound packets are subjected to reverseACL to apply
NAT translations; reverseACL enabled by default.
Configuring NAT ACL
Use the following procedure to manually configure a NAT ACL.
Procedure steps
1. To configure NAT ACL, enter Configuration Mode.
2. Enter IP mode.
3. Enter the nat subtree.
4. Create an access list.
5. If applicable, specify an address or range to permit.
6. If applicable, specify an address or range to deny.
7. Exit the access-list configuration to finish or create another.
8. Create an address pool.
9. Specify the address pool range. Note that you can specify more than one range
126 Avaya Secure Router 1000 Series Configuration Guide
configure terminal
ip
nat
access-list <listname>
add permit ip <range-start> <range-end>
add deny ip <range-start> <range-end>
exit
pool <poolname>
using the same command syntax.
December 2010