
Configuring a NAT Pool

To hide internal IP addresses from the rest of the Internet, you configure the local tunnel endpoint as the only address in a Network Address Translation (NAT) pool, to ensure that it is the address used for address translation.

For more information about NAT, see Network Address Translation.

To configure a NAT pool for IPSec:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. Perform the configuration tasks described in Table 33.
  3. If you are finished configuring the router, commit the configuration.
  4. Go on to one of the following procedures:

Table 33: Configuring a NAT Pool for IPSec

Task | J-Web Configuration Editor | CLI Configuration Editor

Configure the NAT pool from which the addresses for Network Address Translation are taken.

Name the NAT pool with any unique string of fewer than 64 characters.

Provide the IP address of the local tunnel endpoint—for example, 1.1.1.1.

J-Web Configuration Editor:

  1. From the top of the configuration hierarchy, click Services>Nat.
  2. Next to Pool, click Add new entry.
  3. In the Pool name box, type the name of the NAT pool.
  4. From the Address choice list, select Address.
  5. In the Address box, type 1.1.1.1.

CLI Configuration Editor:

  1. From the top of the configuration hierarchy, enter

    edit services nat

  2. Add the local tunnel endpoint to the NAT address pool:

    set pool pool-name address 1.1.1.1

Configure the router so that all outgoing traffic is matched against the IP address of the local tunnel endpoint.

Use any unique string for the NAT rule name and for the name of the term in the rule.

The source address must be the IP address of the local tunnel endpoint—for example, 1.1.1.1.

J-Web Configuration Editor:

  1. From the top of the configuration hierarchy, click Services>Nat.
  2. Next to Rule, click Add new entry.
  3. In the Rule name box, type the name of the rule.
  4. From the Match direction list, select Output.
  5. Next to Term, click Add new entry.
  6. In the Term name box, type the name of the term.
  7. Click From.
  8. Next to Source address, click Add new entry.
  9. From the address list, select Enter specific value.
  10. In the Address box, type 1.1.1.1.
  11. Click OK.

CLI Configuration Editor:

  1. From the top of the configuration hierarchy, enter

    edit services nat

  2. Configure a NAT rule and apply it to all output traffic:

    set rule rule-name match-direction output

  3. Configure the rule to match traffic with a source address that is the same as the local tunnel endpoint:

    set rule rule-name term term-name from source-address 1.1.1.1

Configure the router so that the source address for traffic through the local endpoint is translated to the local endpoint address.

J-Web Configuration Editor:

  1. From the top of the configuration hierarchy, click Services>Nat>Rule>rule-name>Term>term-name.
  2. Click Then.
  3. Click Translated.
  4. In the Source pool box, type the name of the NAT pool in which the local tunnel endpoint is configured.
  5. From the Source list, select Static.
  6. Click OK.

CLI Configuration Editor:

  1. From the top of the configuration hierarchy, enter

    edit services nat rule rule-name term term-name

  2. Configure the source pool:

    set then translated source-pool pool-name

  3. Configure the type of translation:

    set then translated translation-type source static
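
A check for the finished configuration, added here as an example and not part of the original documentation: it parses the statements from the three tasks above, written from the top of the hierarchy as `set services nat ...`, and reports any deviation, including a pool that holds an address other than the local tunnel endpoint. The names ipsec-pool, ipsec-rule and t1, the function audit_nat and the sample input are constructed for illustration.

```python
import re

# Constructed sample: the page's set commands written from the top of the
# hierarchy. ipsec-pool, ipsec-rule and t1 are placeholder names.
SAMPLE = """\
set services nat pool ipsec-pool address 1.1.1.1
set services nat rule ipsec-rule match-direction output
set services nat rule ipsec-rule term t1 from source-address 1.1.1.1
set services nat rule ipsec-rule term t1 then translated source-pool ipsec-pool
set services nat rule ipsec-rule term t1 then translated translation-type source static
"""

def audit_nat(config, endpoint):
    """Return a list of findings; an empty list means the config follows the procedure."""
    pools, rules = {}, {}
    for line in config.splitlines():
        line = re.sub(r"/32\b", "", line.strip())  # assumption: a /32 suffix means the same host
        m = re.match(r"set services nat pool (\S+) address (\S+)$", line)
        if m:
            pools.setdefault(m.group(1), []).append(m.group(2))
            continue
        m = re.match(r"set services nat rule (\S+) (.+)$", line)
        if m:
            rules.setdefault(m.group(1), []).append(m.group(2))
    findings = [] if rules else ["no NAT rule configured"]
    for rule, stmts in rules.items():
        if "match-direction output" not in stmts:
            findings.append(f"{rule}: match-direction is not output")
        terms = {}
        for s in stmts:
            m = re.match(r"term (\S+) (.+)$", s)
            if m:
                terms.setdefault(m.group(1), []).append(m.group(2))
        if not terms:
            findings.append(f"{rule}: no term configured")
        for term, body in terms.items():
            tag = f"{rule}/{term}"
            if f"from source-address {endpoint}" not in body:
                findings.append(f"{tag}: source-address is not {endpoint}")
            if "then translated translation-type source static" not in body:
                findings.append(f"{tag}: translation-type is not source static")
            pool = next((b.split()[-1] for b in body
                         if b.startswith("then translated source-pool ")), None)
            if pool is None or pool not in pools:
                findings.append(f"{tag}: source-pool missing or undefined")
            elif pools[pool] != [endpoint]:
                findings.append(f"{tag}: pool {pool} holds {pools[pool]}, expected only {endpoint}")
    return findings
```
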

