Chapter 18: Network Address Translation (Nat) Configuration; Configuring Network Address Translation (Nat) - Enterasys Matrix DFE-Gold Series Configuration Manual

Network Address Translation (NAT) Configuration
This chapter describes the Network Address Translation (NAT) configuration set of commands
and how to use them.

Configuring Network Address Translation (NAT)

The Enterasys Network Address Translation (NAT) implementation supports Basic NAT and
Network Address Port Translation (NAPT). In addition, the following features are also supported:
• Static and Dynamic NAT Pool Binding
• FTP, DNS, TELNET, SSH, TFTP, HTTP, NTP (Network Time Protocol), and ICMP (with five
different error messages) software path NAT translation
• Force Flows (Secure Plus)
Both basic NAT and NAPT are referred to as traditional NAT and provide a mechanism to connect
a realm with private addresses to an external realm with globally unique registered addresses.
Basic NAT is a method by which IP addresses are mapped from one group to another, transparent
to the end user. NAPT is a method by which many network addresses, along with their associated
TCP/UDP ports, are translated into a single network address and its associated TCP/UDP ports.
The static address binding feature is designed for both the basic NAT and NAPT implementations
to support static and no expire binding, between inside and outside NAT address translation. It
supports one‐to‐one binding, local addresses to global addresses, and TCP/UDP port number
translations.
The dynamic address binding feature is designed for both the basic NAT and NAPT
implementations to support dynamic binding between an address from an access‐list of local
addresses to an address from a pool of global addresses. IP addresses defined for dynamic
binding are reassigned whenever they become available from the global address pool. NAPT
allows port address translation for each IP address in the global pool. The ports are dynamically
assigned between a range of 1024 to 4999.
It is sometimes possible for a host on the outside global network that knows an inside local
address, to be able to send a message directly to the inside local address without NAT translation.
The force flows feature, set using the command ip nat secure‐plus on page
all flows between the inside local pool and the outside global network to be translated.
Router: Unless otherwise noted, the commands covered in this chapter can be executed only
when the device is in router mode. For details on how to enable router configuration modes, refer to
"Enabling Router Configuration
Note: An Enterasys Feature Guide document that contains a complete discussion on NAT
configuration exists at the following Enterasys web site:
manuals/
Modes" on page 2-103.
http://www.enterasys.com/support/
Enterasys Matrix DFE-Gold Series Configuration Guide 18-1
18
18‐7, is designed to force