Working with IP Addressing and NAT Services
You can configure NAT addressing and services from Enterprise Manager Portal. Topics include:
Requesting Public IP Addresses for NAT Services
To request one or more IP addresses:
In the navigation pane of Enterprise Manager Portal, click the access for which you want to request an IP address.
Click the Addresses tab.
The Addresses page appears.
Figure 10: Addresses Page Before Requesting Addresses
In the Number of Addresses field, enter the number of addresses that you want.
See Address Fields for NAT Addressing in Enterprise Manager Portal.
(Optional) If you specify multiple IP addresses and you want the addresses to be sequential, select Contiguous.
Click Request.
Enterprise Manager Portal sends a request to the service provider for the IP addresses and displays the number of outstanding requests. When the service provider allocates the IP addresses, Enterprise Manager Portal displays the public IP addresses assigned to this access and makes the addresses visible in the menus on the NAT page for that access, as shown in Figure 11. If a request for an IP address is outstanding for a certain period of time, Enterprise Manager Portal automatically sends a reminder to the service provider.
Figure 11: Addresses Page After Requesting Addresses
Address Fields for NAT Addressing in Enterprise Manager Portal
Use the fields in this topic to specify address range(s).
Number of Addresses
Number of IP addresses that you want the service provider to supply.
Value—Integer in the range 1–2147483647
Default—1
Contiguous
Whether or not requested multiple IP addresses should be sequential.
Value
Checked box—IP addresses must be contiguous
Empty box—IP addresses need not be contiguous
Default—IP addresses need not be contiguous
Canceling Requests for Public IP Addresses
To cancel a request:
Click Cancel for that request in the Outstanding Requests for IP Addresses table.
Returning Public IP Addresses to Service Providers
To return one or more IP addresses to the service provider:
Start at the Addresses page for the subscriber.
In the Public IP Addresses table, click in the small box in the last column for each address that you want to return.
If an enabled NAT rule is using an address, the box for that address is dimmed, and you cannot release that address until you disable or delete the NAT rule listed in the Used By field.
Click Release.
Applying NAT Rules to Traffic
After you protect an access with a firewall and have obtained one or more public IP addresses for the access, you can apply the following types of NAT rules to traffic on the access.
Public addresses for outgoing traffic
Also known as dynamic source NAT, this type of NAT allows computers with private IP addresses in a private network to share a small set of public IP addresses for outgoing connections. For example, employees in an enterprise can use these public IP addresses for browsing the Web. You can specify the source IP addresses and, optionally, the ports that the outgoing traffic will use.
Public addresses for incoming traffic
Also known as static destination NAT, this type of NAT allows you to expose to the world a server, such as a Web server, that has a private IP address in your private network. You specify a public IP address, and incoming connections destined for that public IP address will be received by your server at its private IP address.
Fixed public addresses for outgoing traffic
Also known as static source NAT, this type of NAT allows you to specify the public source IP to be used for specific outgoing traffic. To specify this type of NAT you must set the configuration level of the portal to Advanced (see Setting the Configuration Level for Enterprise Manager Portal).
Enterprise Manager Portal ensures that the SAE activates a basic firewall service before it activates a NAT service.
To apply NAT rules to traffic on devices running Junos OS:
In the navigation pane of Enterprise Manager Portal, click the access that connects to the router.
Click the NAT tab.
The NAT page appears.
Figure 12: NAT Page
Configure NAT for incoming and outgoing interfaces on the router.
Configuring Public IP Addresses for Outgoing Traffic
To configure public IP addresses for outgoing traffic:
Locate the area called Public Addresses for Outgoing Traffic in the NAT page.
Enter field values to specify how the router will apply the NAT rule to outgoing traffic.
See Outgoing Traffic Fields for NAT Addressing in Enterprise Manager Portal.
Select Enabled.
Click Create.
Outgoing Traffic Fields for NAT Addressing in Enterprise Manager Portal
Use fields in this topic to configure NAT addressing for outgoing traffic.
Address Range
Contiguous range of public IP addresses to which the source addresses of clients in the enterprise are translated.
Value—Public IP addresses
Guidelines—Select the starting and ending IP addresses in the From and To menus. For one IP address, select the same address in the From and To menus.
Default—No value
Port Range
Range of ports that are used as the source ports in outgoing IP packets after the NAT translation.
Value—Integers in the range 0–65535
Guidelines—Specify the starting and ending port numbers in the From and To fields. Be sure to use a port range big enough to allow all the private addresses to share the limited set of public addresses. To specify all ports in the range 1024–65535, leave these fields empty.
Default—No value
Enabled
Whether or not the router applies NAT to outgoing traffic on this access.
Value
Enabled—Checked box
Disabled—White box
Default—Disabled
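The Port Range guideline asks for a range big enough for all private addresses to share the public ones. The following added example (not part of the product documentation) estimates that capacity from the Address Range and Port Range values. It assumes each concurrent outgoing flow holds one public address/port pair; the addresses, host count and flow count are constructed sample values.

```python
import ipaddress

# From the Port Range guideline above: empty From/To fields select ports 1024-65535.
DEFAULT_PORTS = (1024, 65535)

def pool_capacity(addr_from, addr_to, port_from=None, port_to=None):
    """Count the (public address, source port) pairs an outgoing NAT rule offers."""
    first = ipaddress.IPv4Address(addr_from)
    last = ipaddress.IPv4Address(addr_to)
    if last < first:
        raise ValueError("Address Range: To is lower than From")
    if (port_from is None) != (port_to is None):
        raise ValueError("Port Range: fill in both fields or leave both empty")
    if port_from is None:
        port_from, port_to = DEFAULT_PORTS
    if not 0 <= port_from <= port_to <= 65535:
        raise ValueError("Port Range: need 0 <= From <= To <= 65535")
    return (int(last) - int(first) + 1) * (port_to - port_from + 1)

def check_pool(capacity, private_hosts, peak_flows_per_host):
    """Assumption: each concurrent outgoing flow holds one address/port pair."""
    needed = private_hosts * peak_flows_per_host
    return {"capacity": capacity, "needed": needed,
            "sufficient": capacity >= needed,
            "flows_per_host_at_capacity": capacity // private_hosts}

if __name__ == "__main__":
    # Constructed inputs: 500 private hosts, 200 concurrent flows each at peak.
    for label, cap in [
        ("one address, default ports",
         pool_capacity("203.0.113.10", "203.0.113.10")),
        ("two addresses, default ports",
         pool_capacity("203.0.113.10", "203.0.113.11")),
        ("one address, ports 50000-50999",
         pool_capacity("203.0.113.10", "203.0.113.10", 50000, 50999)),
    ]:
        print(label, check_pool(cap, 500, 200))
```

An undersized pool shows up as failed outgoing connections once the pairs are used up, so compare the estimate with the peak concurrent flows you observe on the access.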
Configuring Public IP Addresses for Incoming Traffic
To configure public IP addresses for incoming traffic:
Locate the area called Public Addresses for Incoming Traffic in the NAT page.
Using the field descriptions below, specify how the router will apply the NAT rule to incoming traffic.
Click Create.
Incoming Traffic Fields for NAT Addressing in Enterprise Manager Portal
Use fields in this topic to configure NAT addressing for incoming traffic.
Priority
Numeric value that indicates which NAT rule takes precedence if you specify more than one NAT rule for an IP address.
Value—Integer in the range specified by the online help for this field
Guidelines—You must specify a priority for the NAT rule. A lower number indicates a higher priority. Use a unique priority for each NAT rule that relates to the same traffic. If two rules have the same priority, they will be applied to traffic in an unpredictable order.
Default—No value
Example—5
Name
Name of the NAT rule.
Value—Text string
Default—No value
Example—rule1
Public IP
Public IP address that the router translates to a private address in the enterprise.
Value—IP address
Guidelines—Select the public destination address that is to be translated into a private destination address inside the enterprise.
Default—No value
Private IP
Private IP address to which the router translates the public IP address.
Value—IP address
Guidelines—Enter the private address of the host you wish to make available outside the enterprise.
Default—No value
Application
Application object to which the router will apply NAT.
Value
<application>—An application object that you created.
Any—Any application
Guidelines—Select a value from the menu.
Default—Any
Example—myVideoConference
Enabled
Whether or not the router applies NAT to incoming traffic on this access.
Value
Enabled—Checked box
Disabled—White box
Default—Disabled
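The Priority guideline warns that rules sharing a priority are applied in an unpredictable order. The following added example (not part of the product documentation) audits a list of incoming NAT rules before you enter them. The rule records, their key names and the RFC 1918 check on Private IP are assumptions made for illustration; the sample rules are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: the enterprise numbers its hosts from RFC 1918 space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rules; keys mirror the fields described in this topic.
RULES = [
    {"priority": 5, "name": "rule1", "public_ip": "203.0.113.20",
     "private_ip": "10.1.1.10", "application": "myVideoConference", "enabled": True},
    {"priority": 5, "name": "rule2", "public_ip": "203.0.113.20",
     "private_ip": "10.1.1.11", "application": "Any", "enabled": True},
    {"priority": 7, "name": "rule3", "public_ip": "203.0.113.21",
     "private_ip": "198.51.100.7", "application": "Any", "enabled": True},
    {"priority": 5, "name": "rule4", "public_ip": "203.0.113.20",
     "private_ip": "10.1.1.12", "application": "Any", "enabled": False},
]

def audit_incoming_rules(rules):
    """Return (rule names, finding) tuples for enabled incoming NAT rules."""
    findings = []
    by_ip_and_priority = defaultdict(list)
    for rule in rules:
        if not rule["enabled"]:
            continue  # disabled rules are not applied, so they cannot conflict
        by_ip_and_priority[(rule["public_ip"], rule["priority"])].append(rule["name"])
        private = ipaddress.ip_address(rule["private_ip"])
        if not any(private in net for net in RFC1918):
            findings.append((rule["name"], "private-ip-not-rfc1918"))
        if rule["application"] == "Any":
            # Default value: every application on the host is reachable.
            findings.append((rule["name"], "exposes-any-application"))
    # Same Public IP and same Priority: order of application is unpredictable.
    for (public_ip, priority), names in sorted(by_ip_and_priority.items()):
        if len(names) > 1:
            findings.append((",".join(names),
                             f"duplicate-priority-{priority}-on-{public_ip}"))
    return findings

if __name__ == "__main__":
    for names, finding in audit_incoming_rules(RULES):
        print(f"{names}: {finding}")
```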
Configuring Fixed Public Addresses for Outgoing Traffic
To configure fixed public IP addresses for outgoing traffic:
Set the portal configuration level to Advanced (see Setting the Configuration Level for Enterprise Manager Portal).
Locate the area called Fixed Public Addresses for Outgoing Traffic in the NAT page (see figure NAT Page in Applying NAT Rules to Traffic).
Click Create.
Modifying NAT Rules
To modify a NAT rule:
Modify the entry in the appropriate table.
Click Apply.
Deleting NAT Rules
To delete a public IP address for outgoing traffic, click delete for the address range in the Public Addresses for Outgoing Traffic table.