NAT command reference
Network address translation - NAT
4-139
iMG/RG Software Reference Manual (IPNetwork Functions)
Description
This command enables NAT between an existing security interface and a network interface type. NAT is enabled between the security interface and all the interfaces that belong to the chosen network interface type.
Note: You must enable the Security package using the command SECURITY ENABLE if you want to use the NAT module to configure security for your system.
An interface is either an inside or an outside interface. The network attached to an inside interface needs to be protected from the network attached to an outside interface. For example, the network attached to an internal interface (inside) needs to be protected from the network attached to a DMZ (outside). Also, you can only enable NAT between two different interface types. For example, if interfacename is an external interface type, you can enable NAT between the interfacename and the internal or the DMZ interface type, but not the external interface type. The following interface combinations are the only ones that you can use:

    External (outside) and internal (inside)
    External (outside) and DMZ (inside)
    DMZ (outside) and internal (inside)

The existing security interface must be an outside interface. NAT translates packets between the outside interface and the inside interface type. In this way, the IP address of a host on a network attached to an inside interface is hidden from a host on a network attached to an outside interface.

If you want to map an outside interface to an individual host on an inside interface type, you can use the command NAT ADD RESVMAP INTERFACENAME.
Options
The following table gives the range of values for each option that can be specified with this command and a Default Value (if applicable). The Default Value is N/A for every option of this command.

name
    An arbitrary name that identifies a NAT object enabled between a security interface and an interface type. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit.

interfacename
    The name of an existing security interface (external or DMZ) that was added to the Security package using the SECURITY ADD INTERFACE command. To display security interfaces, use the SECURITY LIST INTERFACES command.

internal
    Allows NAT to be enabled/disabled between the interfacename and all interfaces that belong to the internal interface type.

dmz
    Allows NAT to be enabled/disabled between the interfacename and all interfaces that belong to the DMZ interface type. The interfacename must be an external interface type.

Example
--> nat enable nat1 extinterface internal
See also
NAT DISABLE
NAT STATUS
SECURITY LIST INTERFACES
SECURITY ADD INTERFACE
NAT ADD RESVMAP INTERFACENAME

4.4.5.1.2 NAT DISABLE
Syntax
NAT DISABLE <name>
Description
This command disables a NAT object that was previously enabled between an existing security interface and a network interface type using the NAT ENABLE command. NAT is disabled between the security interface and all the interfaces that belong to the chosen interface type.
Options
The following table gives the range of values for each option that can be specified with this command and a Default Value (if applicable). The Default Value is N/A for every option of this command.

name
    The name of an existing NAT object created between a security interface and an interface type using the NAT ENABLE command. To display enabled NAT objects, use the NAT STATUS command.

Example
--> nat disable nat1
See also
NAT ENABLE
NAT STATUS

4.4.5.1.3 NAT ADD GLOBALPOOL
Syntax
NAT ADD GLOBALPOOL <name> <interfacename> {INTERNAL|DMZ} <ipaddress> {SUBNETMASK <mask>|ENDADDRESS <address>}
Description
After NAT ENABLE, the IP address of the outside security interface is the only outside address that NAT translates to; however, you may want to use more than one outside IP address. For example, if your ISP provides multiple IP addresses, you might want to map one outside address to an inside host that is your web server, and another outside address to an inside host that is your mail server.

Note: Before you can add a global address pool, you must enable a NAT object using the command NAT ENABLE.

This command creates a pool of outside network addresses. A global address pool is a range of IP addresses that is visible outside your network. NAT translates packets between the outside addresses and the inside interfaces that each address is mapped to. There are two ways to specify a range of IP addresses:

    Specify the interfacename IP address and a subnet mask
    Specify the interfacename IP address that represents the first address in the range, then specify the last address in the range

If you want to map IP addresses to individual hosts on an inside interface type, you can use the command NAT ADD RESVMAP GLOBALIP.
Options
The following table gives the range of values for each option that can be specified with this command and a Default Value (if applicable). The Default Value is N/A for every option of this command.

name
    An arbitrary name that identifies a global network address or pool of addresses. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit.

interfacename
    The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command.

internal
    Maps the global addresses to the internal interface type inside the network.

dmz
    Maps the global addresses to the DMZ interface type inside the network.

ipaddress
    The IP address of the interfacename that is visible outside the network.
Example
Example 1
This example creates a global address pool that allows NAT to translate packets between the external interface and the DMZ interface type.
First, NAT is enabled between the external interface and the DMZ interface type:
--> nat enable n1 extinterface dmz
Then the pool is specified as an IP address and subnet mask:
--> nat add globalpool gp1 extinterface dmz 192.168.102.3 subnetmask 255.255.255.0
Example 2
This example creates a global address pool that allows NAT to translate packets between the external interface and the internal interface type.
First, NAT is enabled between the external interface and the internal interface type:
--> nat enable n2 extinterface internal
Then the pool is specified as a range of addresses:
--> nat add globalpool gp2 extinterface internal 192.168.103.2 endaddress 192.168.103.50
See also
NAT ENABLE
NAT STATUS
SECURITY LIST INTERFACES
Note: Once you have created an address pool, packets received on a specific IP address can be mapped to individual hosts inside the network. See NAT ADD RESVMAP GLOBALIP.
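The interface-type rule from NAT ENABLE and the two range forms of NAT ADD GLOBALPOOL can be checked before a command is typed into the device. The following Python script is an added example written for this page; it is not code from the iMG/RG manual or product, and it never contacts the device CLI. The function names are hypothetical. It assumes, because the manual does not say, that the SUBNETMASK form covers every host address of the subnet containing <ipaddress>, while the ENDADDRESS form is the inclusive range from <ipaddress> to the end address. The sample values are the ones used in Example 2 above.

```python
"""Checks for NAT ENABLE and NAT ADD GLOBALPOOL parameters.

Added example for this page, not code from the iMG/RG product or its manual.
Function names are hypothetical and nothing here talks to the device.
Assumption: the SUBNETMASK form covers every host address of the subnet that
contains <ipaddress>; the ENDADDRESS form is the inclusive range from
<ipaddress> to <address>.
"""
import ipaddress
import re

# The only (outside security interface type, inside interface type) pairs the
# manual allows for NAT ENABLE.
ALLOWED_PAIRS = {
    ("external", "internal"),
    ("external", "dmz"),
    ("dmz", "internal"),
}

# NAT object and pool names: letters and digits only, not starting with a digit.
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9]*$")


def valid_name(name):
    return bool(NAME_RE.match(name))


def check_nat_enable(name, outside_type, inside_type):
    """Validate a NAT ENABLE request; return the normalised (outside, inside) pair."""
    if not valid_name(name):
        raise ValueError(f"invalid NAT object name: {name!r}")
    pair = (outside_type.lower(), inside_type.lower())
    if pair not in ALLOWED_PAIRS:
        raise ValueError(f"NAT cannot be enabled between {pair[0]} and {pair[1]}")
    return pair


def globalpool_addresses(ipaddr, subnetmask=None, endaddress=None):
    """Expand one NAT ADD GLOBALPOOL range into its list of outside addresses.

    Exactly one of subnetmask (SUBNETMASK form) or endaddress (ENDADDRESS form)
    must be given, matching the command's syntax.
    """
    if (subnetmask is None) == (endaddress is None):
        raise ValueError("specify exactly one of SUBNETMASK or ENDADDRESS")
    start = ipaddress.IPv4Address(ipaddr)
    if subnetmask is not None:
        # Assumption: whole subnet, without the network and broadcast addresses.
        net = ipaddress.IPv4Network((ipaddr, subnetmask), strict=False)
        return list(net.hosts())
    end = ipaddress.IPv4Address(endaddress)
    if end < start:
        raise ValueError("ENDADDRESS must not precede the first address")
    return [start + i for i in range(int(end) - int(start) + 1)]


def resvmap_target_ok(pool, globalip):
    """True if globalip belongs to the pool, i.e. it can be reserved for an
    inside host with NAT ADD RESVMAP GLOBALIP."""
    return ipaddress.IPv4Address(globalip) in set(pool)


def nat_commands(nat_name, pool_name, interfacename, outside_type, inside_type,
                 ipaddr, subnetmask=None, endaddress=None):
    """Return the NAT ENABLE and NAT ADD GLOBALPOOL lines, after checking the rules."""
    check_nat_enable(nat_name, outside_type, inside_type)
    if not valid_name(pool_name):
        raise ValueError(f"invalid pool name: {pool_name!r}")
    globalpool_addresses(ipaddr, subnetmask, endaddress)  # rejects a bad range
    if subnetmask is not None:
        rng = f"subnetmask {subnetmask}"
    else:
        rng = f"endaddress {endaddress}"
    inside = inside_type.lower()
    return [
        f"nat enable {nat_name} {interfacename} {inside}",
        f"nat add globalpool {pool_name} {interfacename} {inside} {ipaddr} {rng}",
    ]


if __name__ == "__main__":
    # Constructed input taken from Example 2 above.
    for line in nat_commands("n2", "gp2", "extinterface", "external", "internal",
                             "192.168.103.2", endaddress="192.168.103.50"):
        print(line)
    pool = globalpool_addresses("192.168.103.2", endaddress="192.168.103.50")
    print(len(pool), "outside addresses in gp2")
    print("192.168.103.3 usable for RESVMAP:", resvmap_target_ok(pool, "192.168.103.3"))
```

Run stand-alone, the script prints the two CLI lines of Example 2 and the size of pool gp2: the ENDADDRESS form 192.168.103.2 to 192.168.103.50 yields 49 outside addresses. resvmap_target_ok() is the check to make before reserving one of them for an inside host with NAT ADD RESVMAP GLOBALIP, and check_nat_enable() rejects any pair outside the three combinations listed under NAT ENABLE, such as external with external.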
The remaining options of NAT ADD GLOBALPOOL (table continued; Default Value N/A):

mask
    The subnet mask of the network IP address.

endaddress
    The last IP address in the range of addresses that make up the global address pool.

4.4.5.1.4 NAT CLEAR GLOBALPOOLS
Syntax
NAT CLEAR GLOBALPOOLS <interfacename>
Description
This command deletes all address pools that were added to a specific outside interface using the NAT ADD GLOBALPOOL command.
Options
The following table gives the range of values for each option that can be specified with this command and a Default Value (if applicable). The Default Value is N/A for every option of this command.
interfacename
    The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command.

Example
--> nat clear globalpools extinterface
See also
NAT ADD GLOBALPOOL
SECURITY LIST INTERFACES

4.4.5.1.5 NAT DELETE GLOBALPOOL
Syntax
NAT DELETE GLOBALPOOL <name> <interfacename>
Description
This command deletes a single address pool that was added to a specific outside interface using the NAT ADD GLOBALPOOL command.
Options
The following table gives the range of values for each option that can be specified with this command and a Default Value (if applicable). The Default Value is N/A for every option of this command.

name
    The name of an existing global address pool created using the NAT ADD GLOBALPOOL command. To display global address pools, use the NAT LIST GLOBALPOOLS command.

interfacename
    The name of an existing security interface (external or DMZ) created and connected to an inside interface (DMZ or internal) using the NAT ENABLE command. To display security interfaces, use the SECURITY LIST INTERFACES command.

Example
--> nat delete globalpool gp1 extinterface
See also
NAT ADD GLOBALPOOL
NAT LIST GLOBALPOOLS
SECURITY LIST INTERFACES

4.4.5.1.6 NAT IKETRANSLATION
Syntax
NAT IKETRANSLATION {COOKIES|PORTS}
Description
This command supports NAT traversal for IPSec. It allows you to specify how Internet Key Exchange (IKE) packets are translated.
