[rbak-nsp] redback-nsp Digest, Vol 79, Issue 4

Заикин Станислав zaikin_s at ufanet.ru
Wed Jul 30 07:09:18 EDT 2014


30.07.2014 16:52, Marcin Kuczera wrote:
> On 2014-07-29 19:09, Stanislav Volkov wrote:
>> Only CG-NAT is supported on LAG.
>
> well, we have a CG-NAT license, but does that change anything in NAT
> configuration in LAGs?
>
> Regards,
> Marcin

You should change your nat policy type to enhanced. Example from 
documentation:

> configure
> !
> software license
>   nat enhanced password/enhanced-nat-password/    <--*Enable the license for enhanced NAT features*
> !
> context nat-context
> !
>   nat logging-profile nat-log-profile           <--*Create a NAT logging profile*
>    transport-protocol udp
>    export-version v9
>    source 10.2.1.1 port 4242
>    destination 10.2.1.2 context nat-context port 8989
>    dscp ef
>    maximum ip-packet-size 1400
> !
>   ip nat pool nat-pool napt paired logging      <--*Configure an Enhanced NAT pool*
>   logging-profile nat-log-profile
>   paired-mode subscriber over-subscription 100 port-limit 2000
>   address 100.1.1.1 to 100.1.1.20 port-block 0 to 15
>    exclude well-known                          <--*Excludes TCP and UDP ports 0-1023 from the entire pool*
>    exclude 5888 to 6015                        <--*Excludes a given port range from the given address or address range of a pool*
> !
>   policy access-list nat-acl
>    seq 10 permit udp 192.168.0.0 0.0.255.255 192.168.100.0 0.0.0.255 class voip-class
>    seq 20 permit icmp 192.168.0.0 0.0.255.255 any class nat-class
>    seq 30 permit udp 192.168.0.0 0.0.255.255 any class nat-class
>    seq 40 permit tcp 192.168.0.0 0.0.255.255 any class nat-class
> !
>   nat policy nat-policy enhanced               <--*Create an enhanced NAT policy*
> ! Default class
>    drop
> ! Named classes
>    access-group nat-acl                        <--*Configure an Access Group and Class*
>     class voip-class
>      ignore
>     class nat-class
>      pool nat-pool nat-context                 <--*Refer to the enhanced NAT pool*
>      endpoint-independent filtering tcp
>      endpoint-independent filtering udp
>      inbound-refresh udp
>      timeout abandoned 3600
>      icmp-notification


-- 
Stanislav Zaikin
OJSC "Ufanet"
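
The access list and class actions in the configuration above decide which flows are translated, left untouched, or dropped. The following Python is an added example, not part of the original message or the vendor documentation; it replays that classification and assumes Cisco-style wildcard masks, first-match evaluation in ascending `seq` order, and that `ignore` means the flow is forwarded without translation.

```python
import ipaddress

# ACL lines copied from "policy access-list nat-acl" in the message above.
ACL_TEXT = """\
seq 10 permit udp 192.168.0.0 0.0.255.255 192.168.100.0 0.0.0.255 class voip-class
seq 20 permit icmp 192.168.0.0 0.0.255.255 any class nat-class
seq 30 permit udp 192.168.0.0 0.0.255.255 any class nat-class
seq 40 permit tcp 192.168.0.0 0.0.255.255 any class nat-class
"""
# Class actions as configured under "nat policy nat-policy enhanced".
CLASS_ACTION = {"voip-class": "ignore", "nat-class": "pool nat-pool"}
DEFAULT_ACTION = "drop"  # the policy's default class

def _take_addr(tokens):
    """Consume 'any' or 'base wildcard'; return (base, care_mask) as ints."""
    if tokens[0] == "any":
        del tokens[0]
        return 0, 0
    base = int(ipaddress.IPv4Address(tokens.pop(0)))
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    care = ~wildcard & 0xFFFFFFFF  # assumption: wildcard bit 1 = "don't care"
    return base & care, care

def parse_acl(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "seq" or tok[2] != "permit":
            continue
        seq, proto, rest = int(tok[1]), tok[3], tok[4:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        cls = rest[rest.index("class") + 1]
        rules.append((seq, proto, src, dst, cls))
    return sorted(rules)  # assumption: ascending seq, first match wins

def classify(rules, proto, src_ip, dst_ip):
    """Return (class name or None, action) for one flow."""
    s = int(ipaddress.IPv4Address(src_ip))
    d = int(ipaddress.IPv4Address(dst_ip))
    for _seq, r_proto, (sb, sm), (db, dm), cls in rules:
        if r_proto == proto and (s & sm) == sb and (d & dm) == db:
            return cls, CLASS_ACTION[cls]
    return None, DEFAULT_ACTION

RULES = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    # Constructed sample flow: subscriber to a 192.168.100.0/24 host over UDP.
    print(classify(RULES, "udp", "192.168.5.10", "192.168.100.20"))
```

Running flows through `classify` before deploying a policy shows which traffic falls through to the default `drop` class, for example any source outside 192.168.0.0/16 or any protocol other than ICMP, UDP and TCP.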
