[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Configuring Full-Cone NAT

To configure full-cone NAT, you must define a NAT pool that specifies the address to be used for network address translation. Next, you must define a NAT rule and then apply this rule to an interface. Each NAT rule consists of a set of terms that contain match conditions and actions. For a description of NAT match conditions and actions, see Network Address Translation.

The example in this section shows a full-cone NAT configuration. It shows how to create the pool nat-pool and define the rule nat-rule for full-cone NAT.

To configure full-cone NAT:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. Perform the configuration tasks described in Table 88.
  3. Apply the NAT configuration to an interface. See Applying NAT to an Interface.

Table 88: Configuring Full-Cone NAT

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Nat level in the configuration hierarchy.
  1. In the J-Web interface, select Configuration>View and Edit>Edit Configuration.
  2. Next to Services, click Configure or Edit.
  3. Next to Nat, click Configure or Edit.

From the [edit] hierarchy level, enter

edit services nat

Define nat-pool and assign it an address to be used for network address translation.
  1. Next to Pool, click Add new entry.
  2. In the Pool Name box, type nat-pool.
  3. Next to Address, click Add new entry.
  4. In the Prefix box, type 121.0.1.0/24.
  5. Click OK twice.

Set the NAT pool name and the address:

set pool nat-pool address 121.0.1.0/24

Define nat-rule and set its match direction.
  1. On the Nat page, next to Rule, click Add new entry.
  2. In the Rule name box, type nat-rule.
  3. From the Match direction list, select output.

Set the rule name and its match direction:

set rule nat-rule match-direction output

Define nat-term for nat-rule and specify its match condition—source address 10.0.1.0/24.

  1. On the Rule page, next to Term, select Add new entry.
  2. In the Term name box, type nat-term.
  3. Next to From, click Configure.
  4. Next to Application sets, click Add new entry.
  5. In the Application set name box, type nat-application.
  6. Next to Applications, click Add new entry.
  7. In the Application name box, type nat-application.
  8. Next to Destination address, click Add new entry.
  9. From the Address list, select Enter Specific Value or any-unicast.
  10. If you have selected Enter Specific Value, then in the Address box, type 10.100.136.1/24.
  11. Next to Destination address range, click Add new entry.
  12. Next to Low box, type 10.100.136.1/24.
  13. Next to High box, type 10.00.136.5/24.
  14. Next to Destination prefix list, click Add new entry.
  15. In the Name box, type nat-destination.
  16. Next to Source Address, click Add new entry.
  17. From the Address list, select Enter Specific Value or any-unicast.
  18. If you have selected Enter Specific Value, then in the Prefix box, type 10.100.136.1/24.
  19. Next to Source address range, click Add new entry.
  20. Next to Low box, type 10.100.136.1/24.
  21. Next to High box, type 10.100.136.5/24.
  22. Next to Source prefix list, click Add new entry.
  23. In the Name box, type nat-source.
  24. Click OK twice.

Set the term name and its match condition:

set rule nat-rule term nat-term from application-sets nat-application

set rule nat-rule term nat-term from source-address 10.100.136.5/24

set rule nat-rule term nat-term from source-address-range 10.100.136.1/24 10.100.136.5/24

set rule nat-rule term nat-term from source-prefix-list nat-source

set rule nat-rule term nat-term then translated source-pool nat-pool

Specify the referenced pool for nat-term and set its action—to translate the source addresses to addresses from the referenced pool on a one-to-one basis.
  1. From the Nat Type choice list, select full-cone.
  2. Next to Then, select Configure.
  3. From the Designation list, select Translated.
  4. Next to Translation type, click Configure.
  5. From the Source pool choice list, select Source pool.
  6. In the Source pool box, type nat-pool.
  7. Click OK.

Set the pool and action for the term:

set rule nat-rule term nat-term then translated source-pool nat-pool translation-type source static

set rule nat-rule term nat-term from destination-address 10.100.136.1/24

set rule nat-rule term nat-term from destination-address-range 10.100.136.1/24 10.100.136.5/24

set rule nat-rule term nat-term from destination-prefix-list nat-destination

set rule nat-rule term nat-term then nat-group1

set rule nat-rule term nat-term nat-type full-cone

Specify the groups for which this NAT configuration is applicable and the exception groups.

Expand the Advanced option.

  1. Next to the Apply groups, click Add new entry.
  2. In the Value box, type nat-group.
  3. Next to the Apply groups except, click Add new entry.
  4. In the Value box, type nat-group1.
  5. Click OK twice.

Set the group and group exceptions for NAT:

set rule nat-rule term nat-term then translated nat-group

set rule nat-rule term nat-term then translated nat-group1

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]