Configuring Twice Dynamic NAT for Next Gen Services

Configuring the Source and Destination Pools for Twice Dynamic NAT

To configure the source and destination pools for twice dynamic NAT:

  1. Create a source pool.
  2. Define the addresses or subnets to which source addresses are translated.

    or

  3. Disable port translation.
  4. Define the NAT pool utilization levels that trigger SNMP traps. The raise-threshold is the pool utilization percentage that triggers the trap, and the range is 50 through 100. The clear-threshold is the pool utilization percentage that clears the trap, and the range is 40 through 100. The utilization is based on the number of addresses that are used.

    If you do not configure pool-utilization-alarm, traps are not created.

  5. Create a destination pool. Do not use the same name that you used for the source pool.
  6. Define the addresses or subnets to which destination addresses are translated.
  7. To allow the IP addresses of a NAT source pool or destination pool to overlap with IP addresses in pools used in other service sets, configure allow-overlapping-pools.

Configuring the NAT Rules for Twice Dynamic NAT

To configure the source and destination NAT rules for twice dynamic NAT:

  1. Configure the source NAT rule name.
  2. Specify the traffic direction to which the NAT rule set applies.
  3. Specify the addresses that are translated by the source NAT rule.

    To specify one address or prefix value:

    To specify a range of addresses, configure an address book global address with the desired address range, and assign the global address to the NAT rule:

    To specify any unicast address:

  4. Specify one or more application protocols to which the source NAT rule applies. The number of applications listed in the rule must not exceed 3072.
  5. Configure the address-pooling paired feature if you want to ensure assignment of the same external IP address for all sessions originating from the same internal host.
  6. Specify the timeout period for address-pooling-paired mappings that use the NAT pool. The range is 120 through 86,400 seconds, and the default is 300. Mappings that are inactive for this amount of time are dropped.

    If you do not configure ei-mapping-timeout for endpoint independent translations, then the mapping-timeout value is used for endpoint independent translations.

  7. Specify the source NAT pool that contains the addresses for translated traffic.
  8. Configure the generation of a syslog when traffic matches the NAT rule conditions.
  9. Configure the destination NAT rule name.
  10. Specify the traffic direction to which the destination NAT rule set applies.
  11. Specify the destination addresses of traffic that the destination NAT rule applies to.

    To specify a range of addresses, configure an address book global address with the desired address range, and assign the global address to the NAT rule:

    To specify any unicast address:

  12. Specify one or more application protocols to which the destination NAT rule applies. The number of applications listed in the rule must not exceed 3072.
  13. Specify the destination NAT pool that contains the destination addresses for translated traffic.
  14. Configure the generation of a syslog when traffic matches the destination NAT rule match conditions.
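
The limits stated in the pool and rule steps above can be checked before a change is committed. The following is an added example, not Juniper code: the dictionary layout, key names, and sample values are assumptions made for illustration and are not Junos configuration syntax.

```python
# Added example: pre-commit check of a planned twice dynamic NAT configuration.
# The dict layout and key names are assumptions for illustration, not Junos syntax.

def effective_ei_timeout(rule):
    """ei-mapping-timeout falls back to mapping-timeout, which defaults to 300 s."""
    return rule.get("ei_mapping_timeout", rule.get("mapping_timeout", 300))

def check_plan(plan):
    """Return (errors, warnings) for the limits the procedure documents."""
    errors, warnings = [], []
    src, dst = plan["source_pool"], plan["destination_pool"]
    if src["name"] == dst["name"]:
        errors.append("destination pool reuses the source pool name")
    alarm = src.get("pool_utilization_alarm")
    if alarm is None:
        warnings.append("no pool-utilization-alarm: no SNMP traps for pool utilization")
    else:
        if not 50 <= alarm["raise_threshold"] <= 100:
            errors.append("raise-threshold outside 50-100")
        if not 40 <= alarm["clear_threshold"] <= 100:
            errors.append("clear-threshold outside 40-100")
    for rule in plan["rules"]:
        if len(rule["applications"]) > 3072:
            errors.append(f"{rule['name']}: more than 3072 applications")
        timeout = rule.get("mapping_timeout", 300)
        if not 120 <= timeout <= 86400:
            errors.append(f"{rule['name']}: mapping-timeout outside 120-86400")
        if not rule.get("syslog", False):
            warnings.append(f"{rule['name']}: no syslog on match, translations not logged")
    return errors, warnings

# Constructed sample plan (documentation address ranges, hypothetical names).
SAMPLE_PLAN = {
    "source_pool": {"name": "src-pool", "addresses": ["203.0.113.0/28"],
                    "pool_utilization_alarm": {"raise_threshold": 45, "clear_threshold": 40}},
    "destination_pool": {"name": "src-pool", "addresses": ["198.51.100.10/32"]},
    "rules": [
        {"name": "src-rule", "applications": ["junos-http"], "mapping_timeout": 60, "syslog": True},
        {"name": "dst-rule", "applications": ["junos-http"]},
    ],
}

if __name__ == "__main__":
    errs, warns = check_plan(SAMPLE_PLAN)
    for line in errs:
        print("ERROR  ", line)
    for line in warns:
        print("WARNING", line)
```
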

Configuring the Service Set for Twice Dynamic NAT

To configure the service set for twice dynamic NAT:

  1. Define the service set.
  2. Configure either an interface service, which requires a single service interface, or a next-hop service, which requires an inside and outside service interface.

    or

  3. Specify the NAT rule sets to be used with the service set. Include the source NAT rule set and the destination NAT rule set.