
Configuring Dynamic Address-Only Source NAT for Next Gen Services

 

Configuring the Source Pool for Dynamic Address-Only Source NAT

To configure the source pool for dynamic address-only source NAT:

  1. Create a source pool.
  2. Define the addresses or subnets to which source addresses are translated.

    or

  3. Disable port translation.
  4. Define the NAT pool utilization levels that trigger SNMP traps. The raise-threshold is the pool utilization percentage that triggers the trap, and the range is 50 through 100. The clear-threshold is the pool utilization percentage that clears the trap, and the range is 40 through 100. The utilization is based on the number of addresses that are used.

    If you do not configure pool-utilization-alarm, traps are not created.

  5. To allow the IP addresses of a NAT source pool or destination pool to overlap with IP addresses in pools used in other service sets, configure allow-overlapping-pools.
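
The following Python sketch is an added example, not Juniper code. It models how the raise-threshold and clear-threshold from step 4 turn address usage into raise and clear traps, using a constructed pool of 254 addresses and constructed usage samples. The exact comparisons (raise at or above the raise-threshold, clear at or below the clear-threshold) are assumptions.

```python
RAISE_RANGE = (50, 100)  # raise-threshold range stated on this page
CLEAR_RANGE = (40, 100)  # clear-threshold range stated on this page


def validate_thresholds(raise_pct, clear_pct):
    """Return a list of problems; an empty list means both values are in range."""
    problems = []
    if not RAISE_RANGE[0] <= raise_pct <= RAISE_RANGE[1]:
        problems.append(f"raise-threshold {raise_pct} outside 50-100")
    if not CLEAR_RANGE[0] <= clear_pct <= CLEAR_RANGE[1]:
        problems.append(f"clear-threshold {clear_pct} outside 40-100")
    return problems


def trap_events(pool_size, used_samples, raise_pct, clear_pct):
    """Return (sample_index, utilization_pct, event) for each trap transition.

    Utilization counts addresses in use, as the page describes.
    Assumption: raise fires at >= raise_pct, clear fires at <= clear_pct.
    """
    problems = validate_thresholds(raise_pct, clear_pct)
    if problems:
        raise ValueError("; ".join(problems))
    if pool_size <= 0:
        raise ValueError("pool_size must be positive")
    events, alarmed = [], False
    for i, used in enumerate(used_samples):
        pct = 100.0 * used / pool_size
        if not alarmed and pct >= raise_pct:
            alarmed = True
            events.append((i, pct, "raise"))
        elif alarmed and pct <= clear_pct:
            alarmed = False
            events.append((i, pct, "clear"))
    return events


# Constructed sample: addresses in use at successive polls of a 254-address pool.
SAMPLE_USED = [100, 180, 210, 230, 215, 190, 150, 120, 229, 254]

if __name__ == "__main__":
    for idx, pct, event in trap_events(254, SAMPLE_USED, raise_pct=90, clear_pct=60):
        print(f"sample {idx}: {pct:.1f}% -> {event}")
```

The gap between the two thresholds keeps a pool that hovers near exhaustion from generating a trap on every poll, which matters for alerting on address exhaustion when port translation is disabled.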

Configuring the NAT Source Rule for Dynamic Address-Only Source NAT

To configure the NAT source rule for dynamic address-only source NAT:

  1. Configure the NAT rule name.
  2. Specify the traffic direction to which the NAT rule set applies.
  3. Specify the addresses that are translated by the source NAT rule.

    To specify one address or prefix value:

    To specify a range of addresses, configure an address book global address with the desired address range, and assign the global address to the NAT rule:

    To specify any unicast address:

  4. Specify one or more application protocols to which the NAT rule applies. The number of applications listed in the rule must not exceed 3072.
  5. Specify the NAT pool that contains the addresses for translated traffic.
  6. Configure the address-pooling paired feature if you want to ensure assignment of the same external IP address for all sessions originating from the same internal host.
  7. Specify the timeout period for address-pooling-paired mappings that use the NAT pool. The range is 120 through 86,400 seconds, and the default is 300. Mappings that are inactive for this amount of time are dropped.

    If you do not configure ei-mapping-timeout for endpoint independent translations, then the mapping-timeout value is used for endpoint independent translations.

  8. Configure the generation of a syslog message when traffic matches the NAT rule conditions.

Configuring the Service Set for Dynamic Address-Only Source NAT

To configure the service set for dynamic address-only source NAT:

  1. Define the service set.
  2. Configure either an interface service, which requires a single service interface, or a next-hop service, which requires an inside and outside service interface.

    or

  3. Specify the NAT rule sets to be used with the service set.