Virtual Router Redundancy Protocol - Enterasys Security Router X-Pedition™ User Manual

Enterasys security router user's guide

Application Level Gateway (ALG) for FTP, ICMP, NetBIOS over TCP and UDP
PPTP/GRE ALG for NAPT - allows PPTP traffic to be NATted
Multiple ISP - NAPT based on the egress interface.
With NAPT, routing is not automatically filtered out. Use distribution lists to ensure global networks are advertised out of external ports.
NAT configuration for VPN interfaces.
Pool NAT (without NAPT).
Pool NAT with overload - Each address allocated from the pool is used to perform NAPT. When all ports are exhausted, the next address is allocated.
NAPT with an arbitrary IP address - Any arbitrary IP address can be utilized for NAPT in addition to the interface IP address.
Interface-specific static NAT - Static NAT is employed on an interface so that only packets that leave/enter that external interface are NATted.
Port Forwarding - Interface-static NAT is used for port forwarding. When NAPT is configured and an incoming packet does not have a translation entry, interface static NAT will select the private IP address and port based on the packet's destination port.
Multiple NATs on an interface - Multiple pool NATs with ACLs, static NAT and NAPT are supported on an interface simultaneously with the NAT type used in the order it is specified.
IPSec support
Out-bound packets are processed first by NAT, then forwarded to IPSec for encryption.
In-bound packets are processed by NAT after IPSec decryption.
For more information, refer to "Configuring NAT Examples" on page 5-38.

Virtual Router Redundancy Protocol

The Virtual Router Redundancy Protocol (VRRP) provides redundancy and load sharing of
multiple IP default gateways on a single LAN without requiring that LAN's hosts run a routing
protocol. VRRP configures multiple IP routers on one broadcast LAN to form a single Virtual
Router (VR), which has both a unique virtual IP and virtual MAC address.

The advantage of this protocol is that hosts on a LAN can switch from one IP router to another (in
case of failure) without changing their routing configuration or running additional protocols.
Load balancing can also be implemented by configuring multiple VRRP routers across multiple IP
routers, with each IP router being the master of a different virtual router.

VRRP is an alternative to dynamic types of router discovery such as proxy ARP, RIP and IRDP in
that it specifies a group of statically configured default gateways on the client. For example,
Figure 5-8 below shows a LAN topology where XSRs 1 and 2 are VRRP routers (running VRRP)
comprising one virtual router (VRRP group). The IP address of the VR matches that of the
Ethernet interface of XSR1 (10.10.10.1).
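The following added example (not from the XSR manual) parses a VRRP advertisement and applies the receive checks that keep a forged or off-LAN advertisement from being accepted. It assumes the VRRPv2 message layout and virtual MAC format of RFC 3768, that the address owner advertises priority 255, and a constructed VRID of 1 for the XSR1 scenario; all function names are hypothetical.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """16-bit one's complement checksum over an even-length VRRP message."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def virtual_mac(vrid: int) -> str:
    """Virtual MAC of a virtual router: 00-00-5E-00-01-{VRID}."""
    return f"00:00:5e:00:01:{vrid:02x}"

def build_advert(vrid: int, priority: int, addrs: list) -> bytes:
    """Construct a sample VRRPv2 advertisement (no authentication, 1 s interval)."""
    ips = b"".join(ipaddress.IPv4Address(a).packed for a in addrs)
    head = struct.pack("!6B", 0x21, vrid, priority, len(addrs), 0, 1)
    csum = inet_checksum(head + b"\x00\x00" + ips + bytes(8))
    return head + struct.pack("!H", csum) + ips + bytes(8)

def check_advert(payload: bytes, ip_ttl: int) -> dict:
    """Parse an advertisement and list the reasons a receiver should discard it."""
    if len(payload) < 16 or len(payload) % 2:
        raise ValueError("truncated VRRP message")
    ver_type, vrid, priority, count, auth, _interval = struct.unpack("!6B", payload[:6])
    problems = []
    if ver_type != 0x21:
        problems.append("not a version 2 advertisement")
    if ip_ttl != 255:
        problems.append("IP TTL is not 255, so the packet was not sent on this LAN")
    if inet_checksum(payload) != 0:  # a valid message sums to zero with its checksum
        problems.append("checksum mismatch")
    if len(payload) != 8 + 4 * count + 8:
        problems.append("length does not match address count")
    ips = [str(ipaddress.IPv4Address(payload[8 + 4 * i:12 + 4 * i]))
           for i in range(min(count, (len(payload) - 16) // 4))]
    return {"vrid": vrid, "virtual_mac": virtual_mac(vrid), "priority": priority,
            "address_owner": priority == 255, "auth_type": auth,
            "addresses": ips, "problems": problems}

if __name__ == "__main__":
    # Constructed sample: XSR1 owns 10.10.10.1, so it advertises priority 255.
    pkt = build_advert(vrid=1, priority=255, addrs=["10.10.10.1"])
    print(check_advert(pkt, ip_ttl=255))
    print(check_advert(pkt, ip_ttl=254)["problems"])
```

An `auth_type` of 0 means the advertisement carries no authentication, so the TTL and checksum checks, together with Layer 2 controls on the LAN, are what limit who can claim mastership of the virtual router.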
