
Configuring a NAT Pool

To hide internal IP addresses from the rest of the Internet, you configure the local tunnel endpoint as the only address in a Network Address Translation (NAT) pool, to ensure that it is the address used for address translation.

To configure a NAT pool for IPSec:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. Perform the configuration tasks described in Table 79.
  3. If you are finished configuring the network, commit the configuration.
  4. To check the configuration, see Verifying the IPSec Tunnel Configuration.

Table 79: Configuring a NAT Pool for IPSec

For each task, the J-Web Configuration Editor steps are listed first, followed by the CLI Configuration Editor steps.

Task: Configure the NAT pool from which the addresses for Network Address Translation are taken.

J-Web Configuration Editor:

  1. From the top of the configuration hierarchy, click Services>Nat.
  2. In the Pool field, click Add new entry.
  3. In the Pool name field, type the name of the NAT pool. It can be any unique string less than 64 characters long.
  4. In the Address choice field, select Address from the drop-down menu.
  5. In the Address box, type the IP address of the local tunnel endpoint, in dotted decimal notation.

CLI Configuration Editor:

  1. From the top of the configuration hierarchy, enter

    edit services nat

  2. Add the local tunnel endpoint to the NAT address pool:

    set pool pool-name address 1.1.1.1

Task: Configure the router so that all outgoing traffic is matched against the IP address of the local tunnel endpoint.

J-Web Configuration Editor:

  1. From the top of the configuration hierarchy, click Services>Nat.
  2. In the Rule field, click Add new entry.
  3. In the Rule name field, type the name of the rule. The name can be any unique string.
  4. In the Match direction field, select Output from the drop-down menu.
  5. In the Term field, click Add new entry.
  6. In the Term name field, type the name of the term. The name can be any unique string.
  7. Click From.
  8. In the Source address field, click Add new entry.
  9. In the address field, select Enter specific value from the drop-down menu.
  10. In the Address box, type the IP address of the local tunnel endpoint, in dotted decimal notation, and click OK.

CLI Configuration Editor:

  1. From the top of the configuration hierarchy, enter

    edit services nat

  2. Configure a NAT rule and apply it to all output traffic:

    set rule rule-name match-direction output

  3. Configure the rule to match traffic with a source address that is the same as the local tunnel endpoint:

    set rule rule-name term term-name from source-address 1.1.1.1

Task: Configure the router so that the source address for traffic through the local endpoint is translated to the local endpoint address.

J-Web Configuration Editor:

  1. From the top of the configuration hierarchy, click Services>Nat>Rule>rule-name>Term>term-name.
  2. Click Then.
  3. Click Translated.
  4. In the Source pool field, type the name of the NAT pool in which the local tunnel endpoint is configured.
  5. In the Source field, select Static from the drop-down menu.

CLI Configuration Editor:

  1. From the top of the configuration hierarchy, enter

    edit services nat rule rule-name term term-name

  2. Configure the source pool:

    set then translated source-pool pool-name

  3. Configure the type of translation:

    set then translated translation-type source static
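
One way to check the three tasks above offline, as an added example that is not part of the original documentation: a Python audit that reads the NAT statements in full-path set form (the form `show configuration | display set` produces) and reports any deviation from what the table configures. The function name audit_nat and the sample text are assumptions made for this example.

```python
import ipaddress

# Constructed sample: the page's commands as full-path set statements (names are the page's placeholders).
SAMPLE = """\
set services nat pool pool-name address 1.1.1.1
set services nat rule rule-name match-direction output
set services nat rule rule-name term term-name from source-address 1.1.1.1
set services nat rule rule-name term term-name then translated source-pool pool-name
set services nat rule rule-name term term-name then translated translation-type source static
"""

def audit_nat(config_text, endpoint):
    """Return a list of findings; an empty list means the NAT config matches the table."""
    ep = ipaddress.ip_network(endpoint)  # a bare address becomes a /32 network
    pools, rules = {}, {}
    for line in config_text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[:3] != ["set", "services", "nat"]:
            continue  # not a NAT statement, or too short to carry a value
        kind, name, rest = tok[3], tok[4], tok[5:]
        if kind == "pool" and rest[0] == "address" and len(rest) > 1:
            pools.setdefault(name, []).append(ipaddress.ip_network(rest[1], strict=False))
        elif kind == "rule":
            rule = rules.setdefault(name, {"direction": None, "terms": {}})
            if rest[0] == "match-direction" and len(rest) > 1:
                rule["direction"] = rest[1]
            elif rest[0] == "term" and len(rest) > 2:
                term = rule["terms"].setdefault(rest[1], {"src": [], "pool": None, "type": None})
                body = rest[2:]
                if body[:2] == ["from", "source-address"] and len(body) > 2:
                    term["src"].append(ipaddress.ip_network(body[2], strict=False))
                elif body[:3] == ["then", "translated", "source-pool"] and len(body) > 3:
                    term["pool"] = body[3]
                elif body[:3] == ["then", "translated", "translation-type"]:
                    term["type"] = " ".join(body[3:])
    findings = [] if rules else ["no NAT rule configured"]
    for rname, rule in rules.items():
        if rule["direction"] != "output":
            findings.append(f"rule {rname}: match-direction is not output")
        for tname, term in rule["terms"].items():
            where = f"rule {rname} term {tname}"
            if term["src"] != [ep]:
                findings.append(f"{where}: source-address is not exactly the tunnel endpoint")
            if pools.get(term["pool"]) != [ep]:  # missing pool or extra addresses both fail
                findings.append(f"{where}: source pool does not hold only the tunnel endpoint")
            if term["type"] != "source static":
                findings.append(f"{where}: translation type is not source static")
    return findings
```

A pool that has picked up a second address is reported, because the translated source would then no longer be guaranteed to be the tunnel endpoint.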

