IP Addressing: NAT Configuration Guide, Cisco IOS Release 15M&T PDF
Preview IP Addressing: NAT Configuration Guide, Cisco IOS Release 15M&T
IP Addressing: NAT Configuration Guide, Cisco IOS Release 15M&T AmericasHeadquarters CiscoSystems,Inc. 170WestTasmanDrive SanJose,CA95134-1706 USA http://www.cisco.com Tel:408526-4000 800553-NETS(6387) Fax:408527-0883 THESPECIFICATIONSANDINFORMATIONREGARDINGTHEPRODUCTSINTHISMANUALARESUBJECTTOCHANGEWITHOUTNOTICE.ALLSTATEMENTS, INFORMATION,ANDRECOMMENDATIONSINTHISMANUALAREBELIEVEDTOBEACCURATEBUTAREPRESENTEDWITHOUTWARRANTYOFANYKIND, EXPRESSORIMPLIED.USERSMUSTTAKEFULLRESPONSIBILITYFORTHEIRAPPLICATIONOFANYPRODUCTS. THESOFTWARELICENSEANDLIMITEDWARRANTYFORTHEACCOMPANYINGPRODUCTARESETFORTHINTHEINFORMATIONPACKETTHATSHIPPEDWITH THEPRODUCTANDAREINCORPORATEDHEREINBYTHISREFERENCE.IFYOUAREUNABLETOLOCATETHESOFTWARELICENSEORLIMITEDWARRANTY, CONTACTYOURCISCOREPRESENTATIVEFORACOPY. TheCiscoimplementationofTCPheadercompressionisanadaptationofaprogramdevelopedbytheUniversityofCalifornia,Berkeley(UCB)aspartofUCB'spublicdomainversionof theUNIXoperatingsystem.Allrightsreserved.Copyright©1981,RegentsoftheUniversityofCalifornia. NOTWITHSTANDINGANYOTHERWARRANTYHEREIN,ALLDOCUMENTFILESANDSOFTWAREOFTHESESUPPLIERSAREPROVIDED“ASIS"WITHALLFAULTS. CISCOANDTHEABOVE-NAMEDSUPPLIERSDISCLAIMALLWARRANTIES,EXPRESSEDORIMPLIED,INCLUDING,WITHOUTLIMITATION,THOSEOF MERCHANTABILITY,FITNESSFORAPARTICULARPURPOSEANDNONINFRINGEMENTORARISINGFROMACOURSEOFDEALING,USAGE,ORTRADEPRACTICE. INNOEVENTSHALLCISCOORITSSUPPLIERSBELIABLEFORANYINDIRECT,SPECIAL,CONSEQUENTIAL,ORINCIDENTALDAMAGES,INCLUDING,WITHOUT LIMITATION,LOSTPROFITSORLOSSORDAMAGETODATAARISINGOUTOFTHEUSEORINABILITYTOUSETHISMANUAL,EVENIFCISCOORITSSUPPLIERS HAVEBEENADVISEDOFTHEPOSSIBILITYOFSUCHDAMAGES. AnyInternetProtocol(IP)addressesandphonenumbersusedinthisdocumentarenotintendedtobeactualaddressesandphonenumbers.Anyexamples,commanddisplayoutput,network topologydiagrams,andotherfiguresincludedinthedocumentareshownforillustrativepurposesonly.AnyuseofactualIPaddressesorphonenumbersinillustrativecontentisunintentional andcoincidental. Allprintedcopiesandduplicatesoftcopiesofthisdocumentareconsidereduncontrolled.Seethecurrentonlineversionforthelatestversion. Ciscohasmorethan200officesworldwide.AddressesandphonenumbersarelistedontheCiscowebsiteatwww.cisco.com/go/offices. Thedocumentationsetforthisproductstrivestousebias-freelanguage.Forpurposesofthisdocumentationset,bias-freeisdefinedaslanguagethatdoesnotimplydiscriminationbasedon age,disability,gender,racialidentity,ethnicidentity,sexualorientation,socioeconomicstatus,andintersectionality.Exceptionsmaybepresentinthedocumentationduetolanguagethat ishardcodedintheuserinterfacesoftheproductsoftware,languageusedbasedonstandardsdocumentation,orlanguagethatisusedbyareferencedthird-partyproduct. CiscoandtheCiscologoaretrademarksorregisteredtrademarksofCiscoand/oritsaffiliatesintheU.S.andothercountries.ToviewalistofCiscotrademarks,gotothisURL: https://www.cisco.com/c/en/us/about/legal/trademarks.html.Third-partytrademarksmentionedarethepropertyoftheirrespectiveowners.Theuseofthewordpartnerdoesnotimplya partnershiprelationshipbetweenCiscoandanyothercompany.(1721R) ©2022CiscoSystems,Inc.Allrightsreserved. CONTEN TS CHAPTER 1 ConfiguringNATforIPAddressConservation 1 PrerequisitesforConfiguringNATforIPAddressConservation 1 AccessLists 1 NATRequirements 2 RestrictionsforConfiguringNATforIPAddressConservation 2 InformationAboutConfiguringNATforIPAddressConservation 3 BenefitsofConfiguringNATforIPAddressConservation 3 PurposeofNAT 4 HowNATWorks 4 UsesofNAT 4 NATInsideandOutsideAddresses 4 InsideSourceAddressTranslation 5 OverloadingofInsideGlobalAddresses 6 TypesofNAT 8 AddressTranslationofOverlappingNetworks 8 NATVirtualInterface 10 TCPLoadDistributionforNAT 11 RouteMapOverview 12 StaticIPAddressSupport 12 RADIUS 13 Denial-of-ServiceAttacks 13 VirusesandWormsThatTargetNAT 13 HowtoConfigureNATforIPAddressConservation 13 ConfiguringInsideSourceAddresses 13 ConfiguringStaticTranslationofInsideSourceAddresses 14 ConfiguringDynamicTranslationofInsideSourceAddresses 15 IPAddressing:NATConfigurationGuide,CiscoIOSRelease15M&T iii Contents UsingNATtoAllowInternalUsersAccesstotheInternet 17 ConfiguringAddressTranslationTimeouts 19 ChangingtheTranslationTimeout 19 ChangingtheTimeoutsWhenOverloadingIsConfigured 20 AllowingOverlappingNetworkstoCommunicateUsingNAT 21 ConfiguringStaticTranslationofOverlappingNetworks 22 WhattoDoNext 23 ConfiguringDynamicTranslationofOverlappingNetworks 23 ConfiguringtheNATVirtualInterface 25 RestrictionsforNATVirtualInterface 25 EnablingaDynamicNATVirtualInterface 26 EnablingaStaticNATVirtualInterface 27 ConfiguringServerTCPLoadBalancing 28 EnablingRouteMapsonInsideInterfaces 30 EnablingNATRouteMapsOutside-to-InsideSupport 31 ConfiguringNATofExternalIPAddressesOnly 32 ConfiguringtheNATDefaultInsideServerFeature 34 ReenablingRTSPonaNATRouter 35 ConfiguringSupportforUserswithStaticIPAddresses 36 ConfiguringSupportforARPPing 38 ConfiguringtheRateLimitingNATTranslationFeature 39 ConfigurationExamplesforConfiguringNATforIPAddressConservation 40 Example:ConfiguringStaticTranslationofInsideSourceAddresses 40 Example:ConfiguringDynamicTranslationofInsideSourceAddresses 41 Example:UsingNATtoAllowInternalUsersAccesstotheInternet 42 Example:AllowingOverlappingNetworkstoCommunicateUsingNAT 42 Example:ConfiguringtheNATVirtualInterface 42 Example:ConfiguringServerTCPLoadBalancing 42 Example:EnablingRouteMapsonInsideInterfaces 43 Example:EnablingNATRouteMapsOutside-to-InsideSupport 43 Example:ConfiguringNATofExternalIPAddressesOnly 43 Example:ConfiguringSupportforUserswithStaticIPAddresses 43 Example:ConfiguringNATStaticIPSupport 43 Example:CreatingaRADIUSProfileforNATStaticIPSupport 44 IPAddressing:NATConfigurationGuide,CiscoIOSRelease15M&T iv Contents Example:ConfiguringtheRateLimitingNATTranslationFeature 44 Example:SettingaGlobalNATRateLimit 44 Example:SettingNATRateLimitsforaSpecificVRFInstance 44 Example:SettingNATRateLimitsforAllVRFInstances 45 Example:SettingNATRateLimitsforAccessControlLists 45 Example:SettingNATRateLimitsforanIPAddress 45 WheretoGoNext 45 AdditionalReferences 45 FeatureInformationforConfiguringNATforIPAddressConservation 46 CHAPTER 2 UsingApplication-LevelGatewayswithNAT 49 PrerequisitesforUsingApplicationLevelGatewayswithNAT 49 RestrictionsforUsingApplication-LevelGatewayswithNAT 50 InformationAboutUsingApplication-LevelGatewayswithNAT 50 BenefitsofConfiguringNATIPsec 50 IPsec 50 VoiceandMultimediaoverIPNetworks 51 NATSupportofH.323v2RAS 52 NATSupportforH.323v3andv4inv2CompatibilityMode 52 NATH.245TunnelingSupport 52 NATSupportofSkinnyClientControlProtocol 52 NATSupportofSCCPFragmentation 53 NATSegmentationwithLayer4Forwarding 53 HowtoConfigureApplication-LevelGatewayswithNAT 54 ConfiguringIPsecThroughNAT 54 ConfiguringIPsecESPThroughNAT 54 EnablingthePreservePort 55 EnablingSPIMatchingontheNATDevice 56 EnablingSPIMatchingonEndpoints 57 EnablingMultiPartSDPSupportforNAT 58 ConfiguringNATBetweenanIPPhoneandCiscoCallManager 59 ConfigurationExamplesforUsingApplication-LevelGatewayswithNAT 59 Example:SpecifyingaPortforNATTranslation 59 Example:EnablingthePreservePort 59 IPAddressing:NATConfigurationGuide,CiscoIOSRelease15M&T v Contents ExampleEnablingSPIMatching 60 Example:EnablingSPIMatchingonEndpoints 60 Example:EnablingMultiPartSDPSupportforNAT 60 Example:SpecifyingaPortforNATTranslation 60 WheretoGoNext 60 AdditionalReferences 60 FeatureInformationforUsingApplication-LevelGatewayswithNAT 61 CHAPTER 3 NATBox-to-BoxHigh-AvailabilitySupport 63 FindingFeatureInformation 63 PrerequisitesforNATBox-to-BoxHigh-AvailabilitySupport 63 RestrictionsforNATBox-to-BoxHigh-AvailabilitySupport 64 InformationAboutNATBox-to-BoxHigh-AvailabilitySupport 64 NATBox-to-BoxHighAvailabilityOverview 64 ReasonsforActiveDeviceFailover 65 NATinActive-StandbyMode 65 NATBox-to-BoxHighAvailabilityOperation 66 NATBox-to-BoxHigh-AvailabilityLAN-LANTopology 66 NATBox-to-BoxHigh-AvailabilityWAN-LANTopology 67 ExclusiveVirtualIPAddressesandExclusiveVirtualMACAddresses 68 NATAsymmetricRouting 68 NATBox-to-BoxHighAvailabilityonAsymmetric-RoutingTopology 69 DisablingNATHighAvailabilityonAsymmetric-RoutingTopology 69 KeyConfigurationElementsforNATBox-to-BoxHighAvailabilitySupport 69 HowtoConfigureBox-to-BoxHighAvailabilitysupport 70 ConfiguringaRedundancyApplicationGroup 70 ConfiguringData,Control,andAsymmetricRoutingInterfaces 72 EnablingData,ControlandAsymmetricRoutingInterfaces 74 ConfiguringNATBox-to-BoxInterfaceRedundancy 76 ConfiguringAsymmetricRoutingforNATBox-to-BoxHigh-AvailabilitySupport 78 ConfigurationExamplesforNATBox-to-BoxHigh-AvailabilitySupport 79 Example:ConfiguringaRedundancyApplicationGroup 79 Example:ConfiguringData,Control,andAsymmetricRoutingInterfaces 80 Example:EnablingData,ControlandAsymmetricRoutingInterfaces 80 IPAddressing:NATConfigurationGuide,CiscoIOSRelease15M&T vi Contents Example:ConfiguringaNATBox-to-BoxHigh-AvailabilitySupport 80 Example:ConfiguringAsymmetricRoutingforNATBox-to-BoxHigh-AvailabilitySupport 81 AdditionalReferencesforNATBox-to-BoxHigh-AvailabilitySupport 81 FeatureInformationforNATBox-to-BoxHigh-AvailabilitySupport 81 CHAPTER 4 StatelessNetworkAddressTranslation64 83 FindingFeatureInformation 83 RestrictionsforStatelessNetworkAddressTranslation64 83 InformationAboutStatelessNetworkAddressTranslation64 84 IPv4-TranslatableIPv6Address 84 PrefixesFormat 84 SupportedStatelessNAT64Scenarios 85 HowtoConfigureStatelessNetworkAddressTranslation64 86 ConfiguringaRoutingNetworkforStatelessNAT64Communication 86 MonitoringandMaintainingtheStatelessNAT64RoutingNetwork 89 ConfigurationExamplesforStatelessNetworkAddressTranslation64 91 ExampleConfiguringaRoutingNetworkforStatelessNAT64Translation 91 AdditionalReferencesforStatelessNetworkAddressTranslation64 92 FeatureInformationforStatelessNetworkAddressTranslation64 93 Glossary 93 CHAPTER 5 StatefulNetworkAddressTranslation64 95 FindingFeatureInformation 95 PrerequisitesforConfiguringStatefulNetworkAddressTranslation64 96 RestrictionsforConfiguringStatefulNetworkAddressTranslation64 96 InformationAboutStatefulNetworkAddressTranslation64 96 StatefulNetworkAddressTranslation64 96 SupportedStatefulNAT64Scenarios 97 PrefixesFormatforStatefulNetworkAddressTranslation64 98 WellKnownPrefix 98 StatefulIPv4-to-IPv6PacketFlow 98 StatefulIPv6-to-IPv4PacketFlow 99 IPPacketFiltering 99 HowtoConfigureStatefulNetworkAddressTranslation64 100 IPAddressing:NATConfigurationGuide,CiscoIOSRelease15M&T vii Contents ConfiguringStaticStatefulNetworkAddressTranslation64 100 ConfiguringDynamicStatefulNetworkAddressTranslation64 102 ConfiguringDynamicPortAddressTranslationStatefulNAT64 105 MonitoringandMaintainingaStatefulNAT64RoutingNetwork 108 ConfigurationExamplesforStatefulNetworkAddressTranslation64 109 Example:ConfiguringStaticStatefulNetworkAddressTranslation64 109 Example:ConfiguringDynamicStatefulNetworkAddressTranslation64 110 Example:ConfiguringDynamicPortAddressTranslationStatefulNAT64 110 AdditionalReferences 111 FeatureInformationforStatefulNetworkAddressTranslation64 111 CHAPTER 6 MappingofAddressandPortUsingTranslation 113 RestrictionsforMappingofAddressandPortUsingTranslation 113 InformationAboutMappingofAddressandPortUsingTranslation 113 MappingofAddressandPortUsingTranslationOverview 113 MAP-TMappingRules 114 MAP-TAddressFormats 115 PacketForwardinginMAP-TCustomerEdgeDevices 115 PacketForwardinginBorderRouters 116 ICMP/ICMPv6HeaderTranslationforMAP-T 116 PathMTUDiscoveryandFragmentationinMAP-T 117 HowtoConfigureMappingofAddressandPortUsingTranslation 117 ConfiguringMappingofAddressandPortUsingTranslation 117 ConfigurationExamplesforMappingofAddressandPortUsingTranslation 119 Example:ConfiguringMappingofAddressandPortUsingTranslation 119 Example:MAP-TDeploymentScenario 119 AdditionalReferencesforMappingofAddressandPortUsingTranslation 120 FeatureInformationforMappingofAddressandPortUsingTranslation 121 Glossary 121 CHAPTER 7 MappingofAddressandPortUsingEncapsulation 123 FeatureInformationforMappingofAddressandPortUsingEncapsulation 123 RestrictionsforMappingofAddressandPortUsingEncapsulation 123 InformationAboutMappingofAddressPortUsingEncapsulation 124 IPAddressing:NATConfigurationGuide,CiscoIOSRelease15M&T viii Contents MappingofAddressandPortUsingEncapsulation 124 MapRuleRequest 124 MapRuleServerTransmissionofData 125 MapRuleServerURLSpecification 125 MapRuleServerTransmissionofData 125 MapRuleServerResponseParameters 126 HowtoConfigureMappingofAddressPortUsingEncapsulation 126 EnableTunnelInterface 126 AutomaticConfigurationofAddressandPortUsingEncapsulation 129 VerifyingManualMappingofAddressandPortUsingEncapsulationConfiguration 130 AutomaticConfigurationofAddressandPortUsingEncapsulation 130 ConfigurationExamplesforMappingofAddressandPortUsingEncapsulation 132 Example:ManualMappingofAddressandPortUsingEncapsulationConfiguration 132 AdditionalReferencesforMappingofAddressandPortUsingEncapsulation 133 CHAPTER 8 IntegratingNATwithMPLSVPNs 135 PrerequisitesforIntegratingNATwithMPLSVPNs 135 RestrictionsforIntegratingNATwithMPLSVPNs 135 InformationAboutIntegratingNATwithMPLSVPNs 136 BenefitsofNATIntegrationwithMPLSVPNs 136 ImplementationOptionsforIntegratingNatwithMPLSVPNs 136 ScenariosforImplementingNATonthePERouter 136 HowtoIntegrateNATwithMPLSVPNs 137 ConfiguringInsideDynamicNATwithMPLSVPNs 137 ConfiguringInsideStaticNATwithMPLSVPNs 139 ConfiguringOutsideDynamicNATwithMPLSVPNs 140 ConfiguringOutsideStaticNATwithMPLSVPNs 141 ConfigurationExamplesforIntegratingNATwithMPLSVPNs 143 ConfiguringInsideDynamicNATwithMPLSVPNsExample 143 ConfiguringInsideStaticNATwithMPLSVPNsExample 143 ConfiguringOutsideDynamicNATwithMPLSVPNsExample 144 ConfiguringOutsideStaticNATwithMPLSVPNsExample 144 WheretoGoNext 144 AdditionalReferencesforIntegratingNATwithMPLSVPNs 145 IPAddressing:NATConfigurationGuide,CiscoIOSRelease15M&T ix Contents FeatureInformationforIntegratingNATwithMPLSVPNs 145 CHAPTER 9 ConfiguringHostedNATTraversalforSessionBorderController 147 PrerequisitesforConfiguringCiscoIOSHostedNATTraversalforSessionBorderController 147 RestrictionsforConfiguringCiscoIOSHostedNATTraversalforSessionBorderController 148 InformationAboutConfiguringCiscoIOSHostedNATTraversalforSessionBorderController 148 VoiceandMultimediaoverIPNetworks 148 CiscoIOSHostedNATTraversalforSessionBorderControllerOverview 148 HowtoConfigureCiscoIOSHostedNATforSessionBorderController 149 ConfiguringCiscoIOSHostedNATforSessionBorderController 149 ConfigurationExamplesforConfiguringCiscoIOSHostedNATforSessionBorderController 153 ExampleConfiguringCiscoIOSHostedNATTraversalforSessionBorderController 153 AdditionalReferences 154 FeatureInformationforConfiguringHostedNATTraversalforSessionBorderController 155 CHAPTER 10 UserDefinedSourcePortRangesforPAT 157 RestrictionsforUserDefinedSourcePortRangesforPAT 157 InformationAboutUserDefinedSourcePortRangesforPAT 157 UserDefinedSourcePortRangesforPATOverview 157 EvenPortParity 158 HowtoConfigureUserDefinedSourcePortRangesforPAT 158 ConfiguringSourcePortRangesforPAT 158 ConfiguringEvenPortParity 159 ConfigurationExamplesforUserDefinedSourcePortRangesforPAT 160 ExampleUserDefinedSourcePortRangesforPAT 160 ExampleEvenPortParity 160 AdditionalReferences 161 FeatureInformationforUserDefinedSourcePortRangesforPAT 161 CHAPTER 11 FPGEndpointAgnosticPortAllocation 163 InformationAboutEndpointAgnosticPortAllocation 163 HowtoConfigureEndpointAgnosticPortAllocation 164 ConfiguringEndpointAgnosticPortAllocation 164 VerifyingEndpointAgnosticPortSupport 165 IPAddressing:NATConfigurationGuide,CiscoIOSRelease15M&T x
Description:The list of books you might like
