NAT translates only IP addresses and port numbers in packet headers and does not analyze fields in
the application layer payload. However, the packet payloads of some protocols might contain IP address
or port information, which might cause problems if not translated. For example, an FTP application uses
both a data connection and a control connection. The establishment of the data connection depends
dynamically on the payload information of the control connection.
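The FTP case described above, as an added example that is not part of the original guide: a sketch of the payload rewrite an ALG performs on an active-mode FTP PORT command, which header-only NAT would forward unchanged. The addresses, the port mapping, and the function names are constructed for illustration.

```python
import re

# Constructed sample: control-connection payload from private host 192.168.1.10
# announcing data port 19*256+137 = 5001 (active-mode FTP PORT command).
SAMPLE = b"PORT 192,168,1,10,19,137\r\n"

PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


def parse_port(line):
    """Return (ip, port) carried in an FTP PORT command, or None if not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def alg_rewrite(line, local_ip, global_ip, port_map):
    """Rewrite the payload address of a PORT command as an FTP ALG would.

    port_map (hypothetical) maps a private data port to the public port
    allocated for it. Returns (new_line, length_delta); a non-zero delta means
    the TCP sequence/acknowledgment numbers of the flow must also be adjusted.
    """
    parsed = parse_port(line)
    if parsed is None or parsed[0] != local_ip:
        return line, 0  # not a PORT command, or it names another host
    new_port = port_map.get(parsed[1], parsed[1])
    fields = global_ip.split(".") + [str(new_port >> 8), str(new_port & 0xFF)]
    new_line = b"PORT " + ",".join(fields).encode("ascii") + b"\r\n"
    return new_line, len(new_line) - len(line)


if __name__ == "__main__":
    # Header-only NAT forwards SAMPLE unchanged, so the server is told to
    # connect to an unroutable private address. The ALG fixes the payload.
    print(parse_port(SAMPLE))
    print(alg_rewrite(SAMPLE, "192.168.1.10", "203.0.113.5", {5001: 40001}))
```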
NAT configuration task list
Tasks at a glance
Perform at least one of the following tasks:
• Configuring static NAT
• Configuring dynamic NAT
• Configuring NAT Server
If you configure all the tasks on the same interface, NAT Server configuration has the highest priority and
dynamic NAT configuration has the lowest priority.
(Optional.) Configuring NAT with DNS mapping
(Optional.) Configuring NAT hairpin
(Optional.) Configuring NAT with ALG
(Optional.) Configuring NAT logging
Configuring static NAT
Static NAT can be implemented by one-to-one or net-to-net mapping for outbound and inbound
translation. Do not configure inbound static NAT separately. Typically, inbound static NAT works with
other NAT translation methods to implement bidirectional NAT.
Configuration prerequisites
• Configure an ACL to identify the IP addresses to be translated. NAT uses only the match criteria of
the source IP address, source port number, destination IP address, destination port number,
transport layer protocol, and VPN instance in the ACL rule for packet matching. For more
information about ACLs, see ACL and QoS Configuration Guide.
• Add a route manually for inbound static NAT. Use local-ip or local-network as the destination
address, and use global-ip, an address in global-network, or the next hop address of the output
interface as the next hop.
Configuring outbound one-to-one static NAT
To translate a private IP address into a public IP address, and vice versa, configure outbound one-to-one
static NAT on the interface that connects the external network.
• When the source IP address of a packet from the private network matches the local-ip, the IP
address is translated to the global-ip.