Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Verification

    The following verification commands (with sample output) can be used to confirm that the NAT is configured properly.


    Results

    1. Verify the source NAT pool creation.
      root@vdc-edge-fw01-n1> show security nat source pool all
      node0:
      --------------------------------------------------------------------------
      Total pools: 1
       
      Pool name          : public-pool
      Pool id            : 4
      Routing instance   : default
      Host address base  : 0.0.0.0
      Port               : [1024, 63487] 
      port overloading   : 1
      Total addresses    : 10
      Translation hits   : 0
      Address range                        Single Ports   Twin Ports 
              10.94.127.1 - 10.94.127.10       12             0    
      
      node1:
      --------------------------------------------------------------------------
      Total pools: 1
       
      Pool name          : public-pool
      Pool id            : 4
      Routing instance   : default
      Host address base  : 0.0.0.0
      Port               : [1024, 63487]      
      port overloading   : 1
      Total addresses    : 10
      Translation hits   : 25470
      Address range                        Single Ports   Twin Ports 
              10.94.127.1 - 10.94.127.10       15             0    
      
    2. Verify the source NAT rule set configuration.
      root@vdc-edge-fw01-n1> show security nat source
      node0:
      --------------------------------------------------------------------------
      Total port number usage for port translation pool: 645120
      Maximum port number for port translation pool: 268435456
      Total pools: 1
      Pool                 Address                  Routing              PAT  Total 
      Name                 Range                    Instance                  Address
      public-pool          10.94.127.1-10.94.127.10 default              yes  10   
      
      Total rules: 1
      Rule name          Rule set       From              To                   Action
      datacenter         Internet-access trust            untrust              public-pool
      
      node1:
      --------------------------------------------------------------------------
      Total port number usage for port translation pool: 645120
      Maximum port number for port translation pool: 268435456
      Total pools: 1
      Pool                 Address                  Routing              PAT  Total 
      Name                 Range                    Instance                  Address
      public-pool          10.94.127.1-10.94.127.10 default              yes  10   
                                              
      Total rules: 1
      Rule name          Rule set       From              To                   Action
      datacenter         Internet-access trust            untrust              public-pool
      
    3. Verify source NAT rules, match conditions, actions, and rule order .
      root@vdc-edge-fw01-n1> show security nat source rule all
      node0:
      --------------------------------------------------------------------------
      Total rules: 1
      Total referenced IPv4/IPv6 ip-prefixes: 2/0
       
      source NAT rule: datacenter           Rule-set: Internet-access 
        Rule-Id                    : 1  
        Rule position              : 1
        From zone                  : trust
        To zone                    : untrust
        Match
          Source addresses         : 172.16.0.0      - 172.16.255.255
          Destination addresses    : 0.0.0.0         - 255.255.255.255
          Destination port         : 0               - 0
        Action                        : public-pool 
          Persistent NAT type         : N/A              
          Persistent NAT mapping type : address-port-mapping 
          Inactivity timeout          : 0
          Max session number          : 0 
        Translation hits           : 0
      
      node1:
      --------------------------------------------------------------------------
      Total rules: 1                          
      Total referenced IPv4/IPv6 ip-prefixes: 2/0
      
      source NAT rule: datacenter Rule-set: Internet-access Rule-Id : 1 Rule position : 1 From zone : trust To zone : untrust Match Source addresses : 172.16.0.0 - 172.16.255.255 Destination addresses : 0.0.0.0 - 255.255.255.255 Destination port : 0 - 0 Action : public-pool Persistent NAT type : N/A Persistent NAT mapping type : address-port-mapping Inactivity timeout : 0 Max session number : 0 Translation hits : 25621 {primary:node1}

    Published: 2015-04-20