[rbak-nsp] NAT configuration

Piotrek S. komuch at gmail.com
Tue Feb 19 11:01:16 EST 2013


Hi,

Thanks for the advice...

In case of NAT many to many...
IMO, it can't be done without any problems... so I decided to create several
NAT policies and NAT pools with a single IP/32 and port-block 1 to 15

NAT policies without ACL (names) can be dynamically returned from RADIUS,
but in this case I can't define (ACL) destination addresses in my local
network which must be reachable without NAT translation...

Am I wrong?

Regards



2013/2/18 Navin Nepali <navin_n at yahoo.com>

> I think in SE, the NAT is not ALG based. I remember when I used NAT in my
> network many connections were dropped for applications such as FTP, IPSec
> VPN etc. When I asked the SE support, they told me the NAT is not ALG based.
>
> I don't know as of now; maybe Ericsson may have already developed NAT ALG.
>
> Thanks.
>
> *From:* Piotrek S. <komuch at gmail.com>
> *To:* redback-nsp at puck.nether.net
> *Sent:* Monday, February 18, 2013 4:13 PM
> *Subject:* [rbak-nsp] NAT configuration
>
> Hi,
>
> Can anyone tell me how I can configure NAT many to many?
>
> Currently I have:
>
> ip nat pool pool-NAT-customers napt multibind
> address xxx.xxx.xxx.xx1/32 port-block 15 to 15
> address xxx.xxx.xxx.xx2/32 port-block 15 to 15
> address xxx.xxx.xxx.xx3/32 port-block 15 to 15
> address xxx.xxx.xxx.xx4/32 port-block 15 to 15
> ...
> address xxx.xxx.xxx.x49/32 port-block 15 to 15
>
> nat policy pol1
> ! Default class
>   ignore
>   icmp-notification
> ! Named classes
>   access-group NAT-ACL
>    class NONAT
>     ignore
>     icmp-notification
>    class cls-NAT-1-26
>     pool pool-NAT-customers BRAS
>     timeout tcp 18000
>     timeout udp 60
>     timeout fin-reset 60
>     timeout icmp 30
>     timeout syn 60
>     admission-control tcp
>     admission-control udp
>     admission-control icmp
>     endpoint-independent filtering udp
>     no icmp-notification
> !
>
> Why are many established connections dropped (like SSH, HTTPS sessions,
> etc.) after a short period of idle time even though the tcp timeout is set to
> 18000?
>
> Thanks for help.
>
> Regards
>