IP Addressing: NAT Configuration Guide, Cisco IOS XE Release 3S PDF
Preview IP Addressing: NAT Configuration Guide, Cisco IOS XE Release 3S
IP Addressing: NAT Configuration Guide, Cisco IOS XE Release 3S AmericasHeadquarters CiscoSystems,Inc. 170WestTasmanDrive SanJose,CA95134-1706 USA http://www.cisco.com Tel:408526-4000 800553-NETS(6387) Fax:408527-0883 ©2019CiscoSystems,Inc.Allrightsreserved. CONTEN TS CHAPTER 1 ConfiguringNATforIPAddressConservation 1 FindingFeatureInformation 1 PrerequisitesforConfiguringNATforIPAddressConservation 2 AccessLists 2 NATRequirements 2 RestrictionsforConfiguringNATforIPAddressConservation 2 InformationAboutConfiguringNATforIPAddressConservation 4 BenefitsofConfiguringNATforIPAddressConservation 4 HowNATWorks 5 UsesofNAT 5 TypesofNAT 5 NATInsideandOutsideAddresses 6 InsideSourceAddressTranslation 7 OverloadingofInsideGlobalAddresses 8 AddressTranslationofOverlappingNetworks 9 TCPLoadDistributionforNAT 11 StaticIPAddressSupport 11 RADIUS 12 Denial-of-ServiceAttacks 12 VirusesandWormsThatTargetNAT 12 HowtoConfigureNATforIPAddressConservation 12 ConfiguringInsideSourceAddresses 12 ConfiguringStaticTranslationofInsideSourceAddresses 13 ConfiguringDynamicTranslationofInsideSourceAddresses 14 UsingNATtoAllowInternalUsersAccesstotheInternet 16 ConfiguringAddressTranslationTimeouts 18 IPAddressing:NATConfigurationGuide,CiscoIOSXERelease3S iii Contents ChangingtheTranslationTimeout 18 ChangingtheTimeoutsWhenOverloadingIsConfigured 19 AllowingOverlappingNetworkstoCommunicateUsingNAT 20 ConfiguringStaticTranslationofOverlappingNetworks 20 ConfiguringDynamicTranslationofOverlappingNetworks 22 WhattoDoNext 24 ConfiguringServerTCPLoadBalancing 24 EnablingRouteMapsonInsideInterfaces 26 EnablingNATRouteMapsOutside-to-InsideSupport 27 ConfiguringNATofExternalIPAddressesOnly 28 ConfiguringtheNATDefaultInsideServerFeature 30 ReenablingRTSPonaNATRouter 32 ConfiguringSupportforUserswithStaticIPAddresses 32 ConfiguringtheRateLimitingNATTranslationFeature 34 ConfiguringBypassNATFunctionality 35 ConfigurationExamplesforConfiguringNATforIPAddressConservation 36 Example:ConfiguringStaticTranslationofInsideSourceAddresses 36 Example:ConfiguringDynamicTranslationofInsideSourceAddresses 36 Example:UsingNATtoAllowInternalUsersAccesstotheInternet 37 Example:AllowingOverlappingNetworkstoCommunicateUsingNAT 38 Example:ConfiguringStaticTranslationofOverlappingNetworks 38 Example:ConfiguringDynamicTranslationofOverlappingNetworks 38 Example:ConfiguringServerTCPLoadBalancing 38 Example:EnablingRouteMapsonInsideInterfaces 39 Example:EnablingNATRouteMapsOutside-to-InsideSupport 39 Example:ConfiguringNATofExternalIPAddressesOnly 39 Example:ConfiguringSupportforUserswithStaticIPAddresses 39 Example:ConfiguringNATStaticIPSupport 39 Example:CreatingaRADIUSProfileforNATStaticIPSupport 39 Example:ConfiguringtheRateLimitingNATTranslationFeature 40 Example:SettingaGlobalNATRateLimit 40 Example:SettingNATRateLimitsforaSpecificVRFInstance 40 Example:SettingNATRateLimitsforAllVRFInstances 40 Example:SettingNATRateLimitsforAccessControlLists 41 IPAddressing:NATConfigurationGuide,CiscoIOSXERelease3S iv Contents Example:SettingNATRateLimitsforanIPAddress 41 WheretoGoNext 41 AdditionalReferencesforConfiguringNATforIPAddressConservation 41 FeatureInformationforConfiguringNATforIPAddressConservation 42 CHAPTER 2 UsingApplication-LevelGatewayswithNAT 47 FindingFeatureInformation 47 PrerequisitesforUsingApplicationLevelGatewayswithNAT 48 InformationAboutUsingApplication-LevelGatewayswithNAT 48 IPsec 48 BenefitsofConfiguringNATIPsec 49 VoiceandMultimediaoverIPNetworks 49 NATSupportofH.323v2RAS 49 NATSupportforH.323v3andv4inv2CompatibilityMode 50 NATH.245TunnelingSupport 50 NATSupportofSkinnyClientControlProtocol 50 NATSupportofSCCPFragmentation 51 NATSegmentationwithLayer4Forwarding 51 HowtoConfigureApplication-LevelGatewayswithNAT 52 ConfiguringIPsecThroughNAT 52 ConfiguringIPsecESPThroughNAT 52 EnablingthePreservePort 53 EnablingSPIMatchingontheNATDevice 54 EnablingSPIMatchingonEndpoints 55 EnablingMultiPartSDPSupportforNAT 55 ConfiguringNATBetweenanIPPhoneandCiscoCallManager 56 ConfigurationExamplesforUsingApplication-LevelGatewayswithNAT 57 Example:SpecifyingaPortforNATTranslation 57 Example:EnablingthePreservePort 57 ExampleEnablingSPIMatching 57 Example:EnablingSPIMatchingonEndpoints 57 Example:EnablingMultiPartSDPSupportforNAT 58 Example:SpecifyingaPortforNATTranslation 58 WheretoGoNext 58 IPAddressing:NATConfigurationGuide,CiscoIOSXERelease3S v Contents AdditionalReferencesforUsingApplication-LevelGatewayswithNAT 58 FeatureInformationforUsingApplication-LevelGatewayswithNAT 59 CHAPTER 3 CarrierGradeNetworkAddressTranslation 63 FindingFeatureInformation 63 RestrictionsforCarrierGradeNetworkAddressTranslation 63 InformationAboutCarrierGradeNetworkAddressTranslation 64 CarrierGradeNATOverview 64 CarrierGradeNATSupportforBroadbandAccessAggregation 65 HowtoConfigureCarrierGradeNetworkAddressTranslation 65 ConfiguringStaticCarrierGradeNAT 66 ConfiguringDynamicCarrierGradeNAT 68 ConfiguringDynamicPortAddressCarrierGradeNAT 70 ConfigurationExamplesforCarrierGradeNetworkAddressTranslation 73 Example:ConfiguringStaticCarrierGradeNAT 73 Example:ConfiguringDynamicCarrierGradeNAT 73 Example:ConfiguringDynamicPortAddressCarrierGradeNAT 73 AdditionalReferencesforCarrierGradeNetworkAddressTranslation 74 FeatureInformationforCarrierGradeNetworkAddressTranslation 75 CHAPTER 4 StaticNATMappingwithHSRP 77 FindingFeatureInformation 77 PrerequisitesforStaticNATMappingwithHSRP 77 RestrictionsforStaticNATMappingwithHSRP 77 InformationAboutStaticNATMappingwithHSRP 78 StaticMappingSupportwithHSRPforHighAvailabilityFeatureOverview 78 AddressResolutionwithARP 78 HowtoConfigureStaticNATMappingwithHSRP 79 ConfiguringNATStaticMappingSupportforHSRP 79 EnablingHSRPontheNATInterface 79 EnablingStaticNATforHSRP 81 ConfigurationExampleforStaticNATMappingwithHSRP 82 Example:ConfiguringStaticNATinanHSRPEnvironment 82 AdditionalReferencesforStaticNATMappingwithHSRP 83 IPAddressing:NATConfigurationGuide,CiscoIOSXERelease3S vi Contents FeatureInformationforStaticNATMappingwithHSRP 84 CHAPTER 5 VRF-AwareDynamicNATMappingwithHSRP 85 FindingFeatureInformation 85 PrerequisitesforVRF-AwareDynamicNATMappingwithHSRP 85 RestrictionsforVRF-AwareDynamicNATMappingwithHSRP 86 InformationAboutVRF-AwareDynamicNATMappingwithHSRP 86 VRF-AwareDynamicNATMappingwithHSRPOverview 86 AddressResolutionwithARP 87 HowtoConfigureVRF-AwareDynamicNATMappingwithHSRP 87 EnablingHSRPforVRF-AwareDynamicNAT 87 ConfigurationExamplesforVRF-AwareDynamicNATMappingwithHSRP 90 Example:EnablingHSRPforVRF-AwareDynamicNAT 90 VerifyingHSRPforVRF-AwareDynamicNAT 91 AdditionalReferencesVRF-AwareDynamicNATMappingwithHSRP 93 FeatureInformationforVRF-AwareDynamicNATMappingwithHSRP 94 CHAPTER 6 ConfiguringStatefulInterchassisRedundancy 95 FindingFeatureInformation 95 PrerequisitesforStatefulInterchassisRedundancy 95 RestrictionsforStatefulInterchassisRedundancy 96 InformationAboutStatefulInterchassisRedundancy 97 StatefulInterchassisRedundancyOverview 97 StatefulInterchassisRedundancyOperation 97 AssociationswithFirewallsandNAT 98 LAN-LANTopology 98 HowtoConfigureStatefulInterchassisRedundancy 99 ConfiguringtheControlInterfaceProtocol 99 ConfiguringaRedundancyGroup 101 ConfiguringaRedundantTrafficInterface 104 ConfiguringNATwithStatefulInterchassisRedundancy 105 ManagingandMonitoringStatefulInterchassisRedundancy 106 ConfigurationExamplesforStatefulInterchassisRedundancy 108 Example:ConfiguringtheControlInterfaceProtocol 108 IPAddressing:NATConfigurationGuide,CiscoIOSXERelease3S vii Contents Example:ConfiguringaRedundancyGroup 108 Example:ConfiguringaRedundantTrafficInterface 108 Example:ConfiguringNATwithStatefulInterchassisRedundancy 109 AdditionalReferencesforStatefulInterchassisRedundancy 109 FeatureInformationforStatefulInterchassisRedundancy 110 CHAPTER 7 InterchassisAsymmetricRoutingSupportforZone-BasedFirewallandNAT 111 FindingFeatureInformation 111 RestrictionsforInterchassisAsymmetricRoutingSupportforZone-BasedFirewallandNAT 112 InformationAboutInterchassisAsymmetricRoutingSupportforZone-BasedFirewallandNAT 112 AsymmetricRoutingOverview 112 AsymmetricRoutingSupportinFirewalls 114 AsymmetricRoutinginNAT 114 AsymmetricRoutinginaWAN-LANTopology 115 VRF-AwareAsymmetricRoutinginZone-BasedFirewalls 115 VRF-AwareAsymmetricRoutinginNAT 116 HowtoConfigureInterchassisAsymmetricRoutingSupportforZone-BasedFirewallandNAT 116 ConfiguringaRedundancyApplicationGroupandaRedundancyGroupProtocol 116 ConfiguringData,Control,andAsymmetricRoutingInterfaces 119 ConfiguringaRedundantInterfaceIdentifierandAsymmetricRoutingonanInterface 121 ConfiguringDynamicInsideSourceTranslationwithAsymmetricRouting 122 ConfigurationExamplesforInterchassisAsymmetricRoutingSupportforZone-BasedFirewalland NAT 124 Example:ConfiguringaRedundancyApplicationGroupandaRedundancyGroupProtocol 124 Example:ConfiguringData,Control,andAsymmetricRoutingInterfaces 125 Example:ConfiguringaRedundantInterfaceIdentifierandAsymmetricRoutingonanInterface 125 Example:ConfiguringDynamicInsideSourceTranslationwithAsymmetricRouting 125 Example:ConfiguringVRF-AwareNATforWAN-WANTopologywithSymmetricRouting Box-to-BoxRedundancy 125 Example:ConfiguringAsymmetricRoutingwithVRF 128 AdditionalReferencesforInterchassisAsymmetricRoutingSupportforZone-BasedFirewalland NAT 129 FeatureInformationforInterchassisAsymmetricRoutingSupportforZone-BasedFirewallandNAT 130 IPAddressing:NATConfigurationGuide,CiscoIOSXERelease3S viii Contents CHAPTER 8 VRF-AwareNATforWAN-WANTopologywithSymmetricRoutingBox-to-BoxRedundancy 131 FindingFeatureInformation 131 RestrictionsforVRF-AwareNATforWAN-WANTopologywithSymmetricRoutingBox-to-Box Redundancy 132 InformationAboutVRF-AwareNATforWAN-WANTopologywithSymmetricRoutingBox-to-Box Redundancy 132 VRF-AwareBox-to-BoxHighAvailabilitySupport 132 StatefulInterchassisRedundancyOverview 133 StatefulInterchassisRedundancyOperationinNAT 133 HowtoConfigureVRF-AwareNATforWAN-WANTopologywithSymmetricRoutingBox-to-Box Redundancy 134 ConfigurationExamplesforVRF-AwareNATforWAN-WANTopologywithSymmetricRouting Box-to-BoxRedundancy 135 Example:ConfiguringVRF-AwareNATforWAN-WANTopologywithSymmetricRouting Box-to-BoxRedundancy 135 AdditionalReferencesforVRF-AwareNATforWAN-WANTopologywithSymmetricRouting Box-to-BoxRedundancy 137 FeatureInformationforVRF-AwareNATforWAN-WANTopologywithSymmetricRouting Box-to-BoxRedundancy 138 CHAPTER 9 IntegratingNATwithMPLSVPNs 139 FindingFeatureInformation 139 PrerequisitesforIntegratingNATwithMPLSVPNs 139 RestrictionsforIntegratingNATwithMPLSVPNs 140 InformationAboutIntegratingNATwithMPLSVPNs 140 BenefitsofNATIntegrationwithMPLSVPNs 140 ImplementationOptionsforIntegratingNatwithMPLSVPNs 140 ScenariosforImplementingNATonthePERouter 140 HowtoIntegrateNATwithMPLSVPNs 141 ConfiguringInsideDynamicNATwithMPLSVPNs 141 ConfiguringInsideStaticNATwithMPLSVPNs 143 ConfiguringOutsideDynamicNATwithMPLSVPNs 144 ConfiguringOutsideStaticNATwithMPLSVPNs 145 ConfigurationExamplesforIntegratingNATwithMPLSVPNs 147 IPAddressing:NATConfigurationGuide,CiscoIOSXERelease3S ix Contents ConfiguringInsideDynamicNATwithMPLSVPNsExample 147 ConfiguringInsideStaticNATwithMPLSVPNsExample 147 ConfiguringOutsideDynamicNATwithMPLSVPNsExample 148 ConfiguringOutsideStaticNATwithMPLSVPNsExample 148 WheretoGoNext 148 AdditionalReferencesforIntegratingNATwithMPLSVPNs 149 FeatureInformationforIntegratingNATwithMPLSVPNs 149 CHAPTER 10 MonitoringandMaintainingNAT 151 FindingFeatureInformation 151 PrerequisitesforMonitoringandMaintainingNAT 151 RestrictionsforMonitoringandMaintainingNAT 151 InformationAboutMonitoringandMaintainingNAT 152 NATDisplayContents 152 TranslationEntries 152 StatisticalInformation 152 NAT-ForcedClearofDynamicNATHalf-Entries 153 HowtoMonitorandMaintainNAT 153 DisplayingNATTranslationInformation 153 ClearingNATEntriesBeforetheTimeout 155 ExamplesforMonitoringandMaintainingNAT 156 Example:ClearingUDPNATTranslations 156 AdditionalReferencesforMonitoringandMaintainingNAT 157 FeatureInformationforMonitoringandMaintainingNAT 157 CHAPTER 11 EnablingNATHigh-SpeedLoggingperVRF 159 FindingFeatureInformation 159 InformationAboutEnablingNATHigh-SpeedLoggingperVRF 159 High-SpeedLoggingforNAT 159 HowtoConfigureEnablingNATHigh-SpeedLoggingperVRF 161 EnablingHigh-SpeedLoggingofNATTranslations 161 ConfigurationExamplesforEnablingNATHigh-SpeedLoggingperVRF 162 Example:EnablingHigh-SpeedLoggingofNATTranslations 162 AdditionalReferencesforEnablingNATHigh-SpeedLoggingperVRF 162 IPAddressing:NATConfigurationGuide,CiscoIOSXERelease3S x
Description:The list of books you might like
