Parbhat Kapoor
parbhat@versa-networks.com
This deck presents the following NAT types, in the order listed:
1. Basic NAT
2. Destination NAT
3. Dynamic NAT
4. NAPT44 (PAT)
5. Twice-basic-nat-44
6. Twice-dynamic-nat-44
7. Twice-napt-44
Before covering the individual NAT types, here is what each field in the CGNAT Pool/Rule means:
IP Address/Range Usage: The value given in this field depends mostly on the NAT type being implemented.
Example:
o If the NAT type is Destination NAT: provide the internal IP address of the host.
o If the NAT type is Basic/Dynamic NAT: provide the public IP/pool that is used to translate the internal LAN network.
Egress Network Usage: This option is most commonly used when the NAT type is NAPT (port-based translation).
Address Allocation Scheme: “Round Robin” is the only available allocation scheme as of now.
Routing Instance: Again, this field depends mostly on the NAT type being implemented.
Example:
o If the NAT type is Destination NAT: choose LAN-VR.
o If the NAT type is Basic/Dynamic NAT: choose Transport-VR.
CGNAT Pool Port Tab:
The Port tab provides the following options for port forwarding:
Destination Port
Source Port
The following NAT types do not support port forwarding, so skip this tab for them:
Basic NAT
Dynamic NAT
Destination NAT: Uses the “Destination Port”, the port on which the server is actually listening.
Example:
Basic NAT: The source must be the internal IP space that will be NATed with its associated CGNAT pool.
Destination: Can be left blank, or you can provide the list of destinations this rule applies to.
Dynamic NAT: Same as Basic NAT. One of the Source options (zones, IP address, or range) must be present.
Destination: Can be left blank
[Figure: Basic NAT topology. Labels: Data Center, Web Server 172.16.121.9, WAN, Internet, “Patch Updates?”; addresses shown: 172.16.121.9 and 172.16.20.135.]
Usage in Production: An internal server wants to communicate over the Internet, for example to fetch patch updates.
Versa Basic NAT also automatically creates a bi-directional NAT entry.
Step 1: Configure NAT pool
In the NAT pool, define the public IP address to which the internal server's IP address will be NATed.
Provide the private IP address of the server and associate the CGNAT pool with it.
[ok][2019-07-05 12:34:30]
admin@Hub-Twitter-cli>
Verification-Inbound Session:
[ok][2019-07-05 12:34:30]
admin@Hub-Twitter-cli>
[Figure: Destination NAT topology. Labels: Data Center, Web Server 172.16.121.9, WAN, Internet, www.cnbc.com.]
Use Case: You want your web server to be accessible from the public cloud/Internet.
Step 1: Configure NAT pool
In Destination NAT, the CGNAT pool actually refers to untranslated host/network IP addresses. In most cases these IP addresses are private. These are hosts/servers that sit inside the network and are accessed publicly using the publicly reachable IP address.
Configure the public IP of the server in “Destination”. The port provided here can differ from the one the internal server is actually listening on; FlexVNF takes care of port forwarding as well.
A remote user with IP 10.40.146.204 uses http://172.16.20.121:8080, and FlexVNF translates this URL to http://172.16.121.9 (port 80).
[ok][2019-07-05 12:34:30]
admin@Spoke1-Twitter-cli>
Internet User Use this url Internal Admin can use this url
NAT TYPE 3: Dynamic NAT
[Figure: Dynamic NAT topology. Labels: WAN, Internet, disney.com, cnn.com; address pairs shown: 172.16.120.9 / 172.16.20.137 and 172.16.120.10 / 172.16.20.136.]
Use Case: The internal LAN network gets a temporary NAT through a public IP pool.
Please note: Versa Dynamic NAT is not bi-directional in nature.
Step 1: Configure NAT pool
Provide the public IP pool in the Range field, or provide an IP address with mask information. The internal LAN subnet will be dynamically NATed from this pool.
Step 2: Configure NAT Rule
Provide the private IP address of the internal LAN hosts/subnet and associate it with the respective CGNAT pool.
[ok][2019-07-05 12:34:30]
admin@Hub-Twitter-cli>
NAT TYPE 4: NAPT44
Step 1: Configure NAT pool for Source IP Translation
Step 2: Configure NAT Rule
Provide the private IP address of the server and associate the CGNAT pool with it.
CGNAT Show commands
admin@Hilton3-cli> show orgs org Hilton sessions nat brief
                                                                                                       NAT            NAT          NAT     NAT
VSN  VSN  SESS                 DESTINATION  SOURCE  DESTINATION                                        SOURCE         DESTINATION  SOURCE  DESTINATION
ID   VID  ID    SOURCE IP      IP           PORT    PORT         PROTOCOL  NATTED  SDWAN  APPLICATION  IP             IP           PORT    PORT
------------------------------------------------------------------------------------------------------------------------------------------------------
0    2    59    172.16.139.50  8.8.8.8      1024    1024         6         Yes     No     -            172.16.20.172  8.8.8.8      11860   1024
0    2    62    172.16.139.51  8.8.8.8      1024    1024         6         Yes     No     -            172.16.20.172  8.8.8.8      35396   1024
0    2    63    172.16.139.52  8.8.8.8      1024    1024         6         Yes     No     -            172.16.20.172  8.8.8.8      17491   1024
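With NAPT44, several internal hosts share one translated source IP and differ only by translated source port, so tracing an externally observed connection back to a host needs the full (NAT IP, NAT port, protocol) tuple. The following is an added example, not part of the original deck or of Versa tooling: it parses the data rows shown above and builds that reverse lookup. The field names and function names are assumptions chosen for this example.

```python
from collections import defaultdict

# Data rows copied from the "sessions nat brief" output above.
SESSIONS = """\
0 2 59 172.16.139.50 8.8.8.8 1024 1024 6 Yes No - 172.16.20.172 8.8.8.8 11860 1024
0 2 62 172.16.139.51 8.8.8.8 1024 1024 6 Yes No - 172.16.20.172 8.8.8.8 35396 1024
0 2 63 172.16.139.52 8.8.8.8 1024 1024 6 Yes No - 172.16.20.172 8.8.8.8 17491 1024
"""

# Column names are this example's own labels for the 15 columns of the table.
FIELDS = ("vsn_id", "vsn_vid", "sess_id", "src_ip", "dst_ip", "src_port",
          "dst_port", "protocol", "natted", "sdwan", "application",
          "nat_src_ip", "nat_dst_ip", "nat_src_port", "nat_dst_port")

def parse_sessions(text):
    """Parse whitespace-separated data rows; header and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        # Data rows have exactly 15 columns and start with a numeric VSN ID.
        if len(parts) != len(FIELDS) or not parts[0].isdigit():
            continue
        rows.append(dict(zip(FIELDS, parts)))
    return rows

def attribution_index(rows):
    """Map (translated IP, translated port, protocol) -> internal (IP, port)."""
    index = {}
    for r in rows:
        if r["natted"] != "Yes":
            continue
        key = (r["nat_src_ip"], int(r["nat_src_port"]), int(r["protocol"]))
        if key in index:  # two live sessions must never share one translation
            raise ValueError(f"duplicate translation for {key}")
        index[key] = (r["src_ip"], int(r["src_port"]))
    return index

def hosts_per_public_ip(rows):
    """Count distinct internal hosts sharing each translated source IP."""
    shared = defaultdict(set)
    for r in rows:
        if r["natted"] == "Yes":
            shared[r["nat_src_ip"]].add(r["src_ip"])
    return {ip: len(hosts) for ip, hosts in shared.items()}

if __name__ == "__main__":
    rows = parse_sessions(SESSIONS)
    print(hosts_per_public_ip(rows))
    print(attribution_index(rows)[("172.16.20.172", 35396, 6)])
```

The lookup only works if session or NAT logs retain the translated source port and a timestamp; the translated IP alone identifies the pool, not the host.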
NAT TYPE 5: TWICE-Basic-NAT-44
[Figure: Twice Basic NAT 44 topology. Labels: Remote Site1, Headquarter, Web Server 172.16.120.9, WAN, Internet, Corporate DNS Server: 10.40.146.233; packet labels: “DNS 172.16.120.9 8.8.8.8” and “DNS 172.16.20.135 10.40.146.233”.]
Use Case: An internal host is still configured to use Google’s DNS servers, but its traffic is automatically redirected to the corporate DNS servers.
Step 1: Configure NAT pool for Source IP Translation
Provide the public IP address to which the internal web server will be NATed.
Step 2: Configure NAT pool for Destination IP Translation
Provide the Source (internal host IP) and Destination (the destination IP the internal host is actually using) address information. Choose the “twice-basic-nat-44” option and select the respective src/dst pools.
Verification-Outbound Session:
[Figure: Twice Dynamic NAT 44 topology. Labels: 172.16.120.10; packet label: “DNS 172.16.120.10 8.8.8.8”.]
Use Case: A pool of internal hosts is still configured to use Google’s DNS servers, but their traffic is automatically redirected to the corporate DNS servers.
Provide the public IP pool in the Range field, or provide an IP address with mask information. The internal LAN subnet (the Source field of the IP packet) will be dynamically NATed from this pool.
Step 2: Configure NAT pool for Destination IP Translation
Provide the Source and Destination IP address information. Choose the “twice-dynamic-nat-44” option and select the respective src/dst pools.
Verification-Outbound Session:
[ok][2019-07-05 12:34:30]
admin@Hub-Twitter-cli>
NAT TYPE 7: TWICE-NAPT-44
[Figure: Twice NAPT 44 topology. Labels: Remote Site1, Headquarter, 172.16.120.9, WAN, Internet, Corporate DNS Server: 10.40.146.233; packet labels: “DNS 172.16.120.9 8.8.8.8” and “DNS 172.16.20.135 10.40.146.233”.]
Use Case: An internal host is still configured to use Google’s DNS servers, but its traffic is automatically redirected to the corporate DNS servers.
[ok][2019-07-05 12:34:30]
admin@Hub-Twitter-cli>
Thank You