
    Configuring NAT (NSM Procedure)

    The Network Address Translation (NAT) feature allows you to configure destination, destination NAT, interface, proxy ARP, source, source NAT, static NAT, and traceoptions settings.

    To configure the NAT feature:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure the NAT.
    3. Click the Configuration tab. In the configuration tree, select Security > Nat.
    4. Enter a comment in the NAT workspace that describes the NAT.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the NAT settings.

    You can now configure the following options:

    1. Configuring a Destination (NSM Procedure)
    2. Configuring Destination NAT (NSM Procedure)
    3. Configuring the Interface (NSM Procedure)
    4. Configuring a Proxy Address Resolution Protocol (NSM Procedure)
    5. Configuring a Source (NSM Procedure)
    6. Configuring the Source Nat (NSM Procedure)
    7. Configuring the Static Nat (NSM Procedure)
    8. Configuring Traceoptions (NSM Procedure)

    Configuring a Destination (NSM Procedure)

    To configure a destination:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure the destination.
    3. Click the Configuration tab. In the configuration tree, select Security > Nat > Destination.
    4. Configure the options as specified in Table 1.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the destination parameters.

    Table 1: Destination Configuration Details

    Option | Function | Your Action

    Destination > General

    Comment

    Supplies a descriptive comment for the destination.

    (Optional) Enter a comment.

    Destination > Pool > General

    Name

    Specifies the name of the destination pool.

    Enter a name.

    Comment

    Supplies a descriptive comment for the destination pool.

    (Optional) Enter a comment.

    Destination > Pool > Routing Instance

    Comment

    Supplies a descriptive comment for the destination pool.

    (Optional) Enter a comment.

    Ri Name

    Specifies the routing instance (RI) name.

    Select the Ri Name from the list.

    Destination > Pool > Address > IP Address

    Comment

    Supplies a descriptive comment for the destination IP address.

    (Optional) Enter a comment.

    IP Address

    Specifies the IP address or address range of the destination pool.

    Enter the IP address or an address range.

    Destination > Pool > Address > To Range/Port

    None

    Specifies that neither the destination address nor the port option is selected.

    Select the option.

    To Address

    Specifies the upper limit of the address range.

    Select the option and enter the following:

    • Comment—A descriptive comment about the destination address.
    • To Address—The upper limit of the address range.

    port

    Specifies the port.

    Select the option and set the port. Range: 0 - 65535.

    Configuring Destination NAT (NSM Procedure)

    To configure destination NAT:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure the destination NAT.
    3. Click the Configuration tab. In the configuration tree, select Security > Nat > Destination Nat.
    4. Add or modify settings as specified in Table 2.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the destination NAT settings.

    Table 2: Destination NAT Configuration Details

    Option | Function | Your Action

    destination-nat

    Name

    Specifies a name for the destination NAT.

    Enter a name.

    destination-nat > From

    Zone/RI/Interface

    Specifies the zone, routing instance or the interface selected for the destination NAT.

    Select an option.

    Match

    Source Address

    Specifies the source address for the destination NAT.

    Select the option and enter the following:

    • Comment—Descriptive comment for the destination address.
    • Prefix—Address prefix.
    • Port—Port number.

      Low—Lower limit of the address range.

      High—Higher limit of the address range.

    Source Address Name

    Specifies the source address name of the destination NAT.

    Select the option and enter the following:

    • Comment—Descriptive comment for the address range.
    • Address Object—Address object pushed to the global address book.
    • Port—Port number.

      Low—Lower limit of the address range.

      High—Higher limit of the address range.

    Destination Address

    Specifies the destination address of the destination NAT.

    Either Destination Address or Destination Address Name can be used for an instance.

    Destination Address Name

    Specifies the destination address name of the destination NAT.

    Either Destination Address or Destination Address Name can be used for an instance.

    Destination Port

    • Port—Port number.

      Low—Lower limit of the address range.

      High—Higher limit of the address range.

     

    Action

     
    • None—Specifies that no option is selected.
    • OFF—Specifies that the option is disabled.
    • Pool—Specifies the NAT pool.
    • Interface—Specifies the outgoing option.

    Install On

    Specifies the device on which the rulebase is installed.

    Configuring the Interface (NSM Procedure)

    To configure the interface:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure the interface feature.
    3. Click the Configuration tab. In the configuration tree, select Security > Nat > Interface.
    4. Add or modify the interface settings as specified in Table 3.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the interface parameters.

    Table 3: Interface Configuration Details

    Option | Function | Your Action

    interface

    Name

    Specifies the name of the interface.

    Select the name from the drop-down list.

    Comment

    Supplies a descriptive comment for the interface.

    (Optional) Enter a comment.

    Allow Incoming

    Allows the interface pool to support the incoming traffic.

    Select the Allow Incoming check box to enable this feature.

    interface > Proxy Arp

    Comment

    Supplies a descriptive comment for the proxy Address Resolution Protocol (ARP).

    (Optional) Enter a comment.

    interface > Proxy Arp > Address

    Name

    Specifies the address prefix.

    Enter the address prefix.

    Comment

    Supplies a descriptive comment for the address prefix. This is optional.

    Enter a comment.

    interface > Proxy Arp > Address Range

    Low

    Specifies the lower limit of the address range.

    Enter the lower limit of the address range.

    High

    Specifies the upper limit of the address range.

    Enter the upper limit of the address range.

    Comment

    Supplies a descriptive comment for the address range.

    (Optional) Enter a comment.

    interface > Source Nat

    Comment

    Supplies a descriptive comment for the source NAT.

    (Optional) Enter a comment.

    interface > Source Nat > Pool > pool

    Name

    Specifies the pool name.

    Enter the pool name.

    Comment

    Supplies a descriptive comment for the source NAT pool.

    (Optional) Enter a comment.

    Host Address Low

    Specifies the lower limit of the host address.

    Enter the lower limit of the host address.

    No Port Translation

    Specifies that the port translation is not performed.

    Select the No Port Translation check box to enable this feature.

    Allow Incoming

    Allows the pool to support incoming traffic.

    Select the Allow Incoming check box to enable this feature.

    interface > Source Nat > Pool > pool > Address

    Name

    Specifies the address prefix.

    Enter the address prefix.

    Comment

    Supplies a descriptive comment for the address.

    (Optional) Enter a comment.

    interface > Source Nat > Pool > pool > Address Range

    Low

    Specifies the lower limit of the address range.

    Enter the lower limit of the address range.

    High

    Specifies the upper limit of the address range.

    Enter the upper limit of the address range.

    Comment

    Supplies a descriptive comment for the address range.

    (Optional) Enter a comment.

    interface > Source Nat > Pool > pool > Overflow Pool

    Comment

    Supplies a descriptive comment for the overflow pool.

    (Optional) Enter a comment.

    interface > Source Nat > Pool > pool > Overflow Pool > Pool Name

    None

    Specifies that neither the pool-name nor the interface option is enabled.

    Select the option.

    pool-name

    Specifies the overflow pool name.

    Select the option and enter the pool name.

    interface

    Specifies the overflow pool interface.

    Select the option.

    interface > Static Nat

    Name

    Specifies the name of the static NAT.

    Enter the mapped address.

    Comment

    Supplies a descriptive comment for the static NAT.

    (Optional) Enter a comment.

    Host

    Specifies the host address.

    Enter the host address.

    Virtual Router

    Specifies the virtual router used to look up the route to the host address.

    Select the virtual router from the list.

    Configuring a Proxy Address Resolution Protocol (NSM Procedure)

    To configure a proxy Address Resolution Protocol (ARP):

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure a proxy ARP.
    3. Click the Configuration tab. In the configuration tree, select Security > Nat > Proxy Arp.
    4. Configure the options as specified in Table 4.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the proxy ARP options.

    Table 4: Proxy ARP Configuration Details

    Option | Function | Your Action

    General

    Comment

    Supplies a descriptive comment for the proxy ARP.

    (Optional) Enter a comment.

    Interface > interface

    Name

    Specifies the proxy ARP interface name.

    Enter the proxy ARP interface name.

    Comment

    Supplies a descriptive comment for the proxy ARP interface.

    (Optional) Enter a comment.

    Interface > interface > Address

    Name

    Specifies the proxy ARP address.

    Enter the proxy ARP interface address or address range.

    Comment

    Supplies a descriptive comment for the proxy ARP interface address.

    (Optional) Enter a comment.

    Interface > interface > Address > To

    Comment

    Supplies a descriptive comment for the upper limit of the address range.

    (Optional) Enter a comment.

    IPaddr

    Specifies the upper limit of the address range.

    Enter the upper limit of the address range.

    Configuring a Source (NSM Procedure)

    To configure a source:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure the source.
    3. Click the Configuration tab. In the configuration tree, select Security > Nat > Source.
    4. Configure the options as specified in Table 5.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the source options.

    Table 5: Source Configuration Details

    Option | Function | Your Action

    General

    Comment

    Supplies a descriptive comment for source configuration.

    (Optional) Enter a comment.

    Address Persistent

    Allows the source address to maintain the same translation.

    Select the Address Persistent check box to enable this feature.

    General > Pool Utilization Alarm

    Comment

    Supplies a descriptive comment for the pool utilization alarm.

    (Optional) Enter a comment.

    Raise Threshold

    Raises the threshold for the pool utilization alarm.

    Set the threshold. Range: 50 - 100.

    Clear Threshold

    Specifies the threshold for the pool utilization alarm.

    Set the threshold. Range: 40 - 100.

    General > Port Randomization

    Comment

    Supplies a descriptive comment for port randomization.

    (Optional) Enter a comment.

    Disable

    Disables the source NAT port randomization.

    Select the Disable check box to turn off source NAT port randomization.

    General > Interface

    Comment

    Supplies a descriptive comment for the port overloading interface.

    (Optional) Enter a comment.

    Off

    Turns off the interface port overloading.

    Select the Off check box to turn off interface port overloading.

    Pool > General

    Name

    Specifies the pool name.

    Enter the pool name.

    Comment

    Supplies a descriptive comment for the pool. This is optional.

    Enter a comment.

    Pool > Routing Instances

    Comment

    Supplies a descriptive comment for the routing instances.

    (Optional) Enter a comment.

    Ri Name

    Specifies the name of the routing instance.

    Select the name from the list.

    Pool > Address > IP Address

    IP Address

    Specifies the IP address or address range.

    Enter the IP address or address range.

    Comment

    Supplies a descriptive comment for the IP address.

    (Optional) Enter a comment.

    Pool > Address > End of Range

    Comment

    Supplies a descriptive comment for the upper limit of the address range. This is optional.

    Enter a comment.

    IPaddr

    Specifies the upper limit of the address range.

    Enter the upper limit of the address range.

    Pool > Host Address Base

    Comment

    Supplies a descriptive comment for the host address base.

    (Optional) Enter a comment.

    IPaddr

    Specifies the base IP address.

    Enter the base IP address.

    Pool > Port Translation > General

    Comment

    Supplies a descriptive comment for the port translation.

    (Optional) Enter a comment.

    Pool > Port Translation > No Translation > General

    No Translation

    Specifies that the port translation is not enabled.

    Select the No Translation check box to enable this feature.

    Pool > Port Translation > No Translation > Translation

    From

    Specifies the lower limit of the port range.

    Enter the following:

    • Comment—A descriptive comment for the lower limit of the port range.
    • Low—The lower limit of the port range. Range: -2147483648 - 2147483647.

    To

    Specifies the upper limit of the port range.

    Enter the following:

    • Comment—A descriptive comment for the upper limit of the port range.
    • High—Specifies the upper limit of the port range. Range: -2147483648 - 2147483647.

    Pool > Overflow Pool > General

    Comment

    Supplies a descriptive comment for the overflow pool.

    Enter a comment.

    Pool > Overflow Pool > Pool Name

    None

    Specifies that neither the pool-name nor the interface option is enabled.

    Select the option.

    pool-name

    Specifies the overflow pool name.

    Select the option and enter the pool name.

    interface

    Specifies the interface for the overflow pool.

    Select the option.

    Configuring the Source Nat (NSM Procedure)

    To configure source NAT:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure the source NAT.
    3. Click the Configuration tab. In the configuration tree, select Security > Nat > Source Nat.
    4. Add or modify settings as specified in Table 6.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the source NAT settings.

    Table 6: Source NAT Configuration Details

    Option | Function | Your Action

    source-nat

    Name

    Specifies a name for the source NAT.

    Enter a name.

    source-nat > From

    Zone/RI/Interface

    Specifies the zone, routing instance or the interface selected for the source NAT.

    Select an option.

    Source Address

    Specifies the source address of the destination NAT.

    Select the option and enter the following:

    • Comment—Descriptive comment for the destination address.
    • Prefix—Address prefix.
    • Port—Port number.

      Low—Lower limit of the address range.

      High—Higher limit of the address range.

    Source Address Name

    Specifies the source address name of the destination NAT.

    Select the option and enter the following:

    • Comment—Descriptive comment for the address range.
    • Address Object—Address object pushed to the global address book.
    • Port—Port number.

      Low—Lower limit of the address range.

      High—Higher limit of the address range.

    source-nat > To

    Zone/RI/Interface

    Specifies the zone, routing instance or the interface selected for the destination NAT.

    Select an option.

    Destination Address

    Specifies the destination address of the destination NAT.

    Either destination address or destination address name can be used for an instance.

    Destination Address Name

    Specifies the destination address name of the destination NAT.

    Either destination address or destination address name can be used for an instance.

    Destination Port

    Specifies the destination port number.

    The port options are:

    • Low—Lower limit of the address range.
    • High—Higher limit of the address range.

    Action

     
    • None—Specifies that no option is selected.
    • OFF—Specifies that the option is disabled.
    • Pool—Specifies the NAT pool.
    • Interface—Specifies the outgoing option.

    Install On

    Specifies the device on which the rulebase is installed.

    Configuring the Static Nat (NSM Procedure)

    To configure the static NAT:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure the static NAT.
    3. Click the Configuration tab. In the configuration tree, select Security > Nat > Static Nat.
    4. Add or modify settings as specified in Table 7.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the static NAT settings.

    Table 7: Static NAT Configuration Details

    Option | Function | Your Action

    static-nat

    Name

    Specifies a name for the static NAT.

    Enter a name.

    Zone/RI/Interface

    Specifies the zone, routing instance or the interface selected for the destination NAT.

    Select an option.

    Destination Address

    Specifies the destination address of the destination NAT.

    Either Destination Address or Destination Address Name can be used for an instance.

    Destination Address Name

    Specifies the destination address name of the destination NAT.

    Either Destination Address or Destination Address Name can be used for an instance.

    Action

    Prefix

    Specifies the prefix address.

    Prefix Name

    Specifies the prefix name.

    Install On

    Specifies the device on which the rulebase is installed.

    Configuring Traceoptions (NSM Procedure)

    The traceoptions feature allows you to configure the file and the flag options.

    To configure traceoptions:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure the traceoptions.
    3. Click the Configuration tab. In the configuration tree, select Security > Nat > Traceoptions.
    4. Configure the options as specified in Table 8.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the traceoptions settings.

    Table 8: Traceoptions Configuration Details

    Option | Function | Your Action

    Comment

    Supplies a descriptive comment for the traceoptions.

    (Optional) Enter a comment.

    No Remote Trace

    Disables the remote tracing.

    Select the No Remote Trace check box to disable remote tracing.

    You can now configure the following options:

    Configuring the File Options (NSM Procedure)

    To configure file options:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure the file options.
    3. Click the Configuration tab. In the configuration tree, select Security > Nat > Traceoptions > File.
    4. Configure the file options as specified in Table 9.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the file settings.

    Table 9: File Configuration Details

    Option | Function | Your Action

    Comment

    Supplies a descriptive comment for the filename.

    (Optional) Enter a comment.

    Filename

    Specifies the name of the file to which the trace output is written.

    Enter a filename.

    Size

    Specifies the maximum size of the trace file.

    Enter the maximum file size.

    Files

    Specifies the maximum number of trace files.

    Set the maximum number of trace files. Range: 2 through 1000.

    None

    Specifies that neither the world-readable nor the no-world-readable option is enabled.

    Select the option.

    world-readable

    Allows any user to read the log file.

    (Optional) Select the option.

    no-world-readable

    Prevents any user from reading the log file.

    (Optional) Select the option.

    Match

    Specifies the regular expression for the lines to be logged.

    Enter the match expression.
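
    The security-relevant settings in Table 5 (port randomization, pool utilization alarm thresholds) and Table 9 (trace file count, world-readable) can be checked in configuration templates or after a device update. The following is an added example, not part of the original documentation: it assumes the configuration is available in Junos `set` format, and the function name `audit_nat`, the check identifiers, and both sample configurations are constructed for illustration. The check that the clear threshold sits below the raise threshold is an added sanity check, not a rule stated on this page.

```python
# Added example (not vendor code). Lints "set security nat ..." lines against the
# ranges and options documented in Tables 5 and 9 of this page.
RAISE_RANGE = (50, 100)   # Table 5: Raise Threshold
CLEAR_RANGE = (40, 100)   # Table 5: Clear Threshold
FILES_RANGE = (2, 1000)   # Table 9: Files
PREFIX = "set security nat "

# Constructed sample configurations (addresses are from a documentation range).
SAMPLE_WEAK = """\
set security nat source port-randomization disable
set security nat source pool-utilization-alarm raise-threshold 45
set security nat source pool-utilization-alarm clear-threshold 80
set security nat source pool egress-pool address 203.0.113.10/32 to 203.0.113.20/32
set security nat traceoptions file nat-trace
set security nat traceoptions file size 1m
set security nat traceoptions file files 1
set security nat traceoptions file world-readable
set security nat traceoptions flag all
"""
SAMPLE_HARDENED = """\
set security nat source pool-utilization-alarm raise-threshold 90
set security nat source pool-utilization-alarm clear-threshold 80
set security nat traceoptions file nat-trace size 1m files 3 no-world-readable
"""


def _int_after(tokens, key):
    """Return the integer that follows `key` in tokens, or None."""
    if key in tokens:
        i = tokens.index(key)
        if i + 1 < len(tokens) and tokens[i + 1].isdigit():
            return int(tokens[i + 1])
    return None


def audit_nat(config_text):
    """Return a sorted list of (check_id, detail) findings."""
    findings, thresholds = set(), {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line.startswith(PREFIX):
            continue
        tokens = line[len(PREFIX):].split()
        if tokens[:3] == ["source", "port-randomization", "disable"]:
            findings.add(("port-randomization-disabled",
                          "translated source ports become predictable"))
        elif tokens[:2] == ["source", "pool-utilization-alarm"]:
            for key in ("raise-threshold", "clear-threshold"):
                value = _int_after(tokens, key)
                if value is not None:
                    thresholds[key] = value
        elif tokens[:2] == ["traceoptions", "file"]:
            opts = tokens[2:]
            # Exact token match, so "no-world-readable" is not flagged.
            if "world-readable" in opts:
                findings.add(("trace-world-readable", "any user can read the trace file"))
            files = _int_after(opts, "files")
            if files is not None and not FILES_RANGE[0] <= files <= FILES_RANGE[1]:
                findings.add(("trace-files-range", f"files={files}, allowed 2-1000"))
    up, down = thresholds.get("raise-threshold"), thresholds.get("clear-threshold")
    if up is not None and not RAISE_RANGE[0] <= up <= RAISE_RANGE[1]:
        findings.add(("raise-threshold-range", f"raise={up}, allowed 50-100"))
    if down is not None and not CLEAR_RANGE[0] <= down <= CLEAR_RANGE[1]:
        findings.add(("clear-threshold-range", f"clear={down}, allowed 40-100"))
    # Added sanity check (assumption, not from the page): clear should be below raise.
    if up is not None and down is not None and down >= up:
        findings.add(("clear-not-below-raise", f"clear={down} >= raise={up}"))
    return sorted(findings)


if __name__ == "__main__":
    for check_id, detail in audit_nat(SAMPLE_WEAK):
        print(f"{check_id}: {detail}")
```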

    Configuring Flag Options (NSM Procedure)

    To configure flag options:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure flag options.
    3. Click the Configuration tab. In the configuration tree, select Security > Nat > Traceoptions > Flag.
    4. Add or modify settings as specified in Table 10.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the flag settings.

    Table 10: Flag Configuration Details

    Option | Function | Your Action

    Name

    Specifies the trace flag name.

    Select a name from the list.

    Comment

    Supplies a descriptive comment for the trace flag.

    (Optional) Enter a comment.

    Syslog

    Specifies that the NAT flow trace files are recorded to the system log.

    Select the Syslog check box to enable this feature.

    Published: 2013-01-06