[rbak-nsp] redback-nsp Digest, Vol 79, Issue 7
Stanislav Volkov
s_volkov at tele-a.ru
Wed Jul 30 13:20:35 EDT 2014
Use the enhanced keyword in the nat policy conf.
For exm: nat policy NP-1 enhanced
Without this keyword it does not work.
St.Vol.
> 30 июля 2014 г., в 20:00, redback-nsp-request at puck.nether.net написал(а):
>
> Send redback-nsp mailing list submissions to
> redback-nsp at puck.nether.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://puck.nether.net/mailman/listinfo/redback-nsp
> or, via email, send a message with subject or body 'help' to
> redback-nsp-request at puck.nether.net
>
> You can reach the person managing the list at
> redback-nsp-owner at puck.nether.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of redback-nsp digest..."
>
>
> Today's Topics:
>
> 1. Re: redback-nsp Digest, Vol 79, Issue 4 (?????? ?????????)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 30 Jul 2014 17:09:18 +0600
> From: ?????? ????????? <zaikin_s at ufanet.ru>
> To: Marcin Kuczera <marcin at leon.pl>, redback-nsp at puck.nether.net
> Subject: Re: [rbak-nsp] redback-nsp Digest, Vol 79, Issue 4
> Message-ID: <53D8D25E.2090709 at ufanet.ru>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> 30.07.2014 16:52, Marcin Kuczera ?????:
>>> On 2014-07-29 19:09, Stanislav Volkov wrote:
>>> Only CG-NAT is supported on LAG.
>>
>> well, we have a CG-NAT license, but does that changes anything in NAT
>> configuration in LAGs ?
>>
>> Regards,
>> Marcin
>
> You should change your nat policy type to enhanced. Example from
> documentation:
>
>> configure
>> !
>> software license
>> nat enhanced password/enhanced-nat-password/ <--*Enable the license for enhanced NAT features*
>> !
>> context nat-context
>> !
>> nat logging-profile nat-log-profile <--*Create a NAT logging profile*
>> transport-protocol udp
>> export-version v9
>> source 10.2.1.1 port 4242
>> destination 10.2.1.2 context nat-context port 8989
>> dscp ef
>> maximum ip-packet-size 1400
>> !
>> ip nat pool nat-pool napt paired logging <--*Configure an Enhanced NAT pool*
>>
>>
>> logging-profile nat-log-profile
>> paired-mode subscriber over-subscription 100 port-limit 2000
>> address 100.1.1.1 to 100.1.1.20 port-block 0 to 15
>> exclude well-known* <-Excludes TCP and UDP ports 0-1023 from the entire pool*
>> exclude 5888 to 6015*<-Excludes a given port range from the given address or address range of a pool*
>> !
>> policy access-list nat-acl
>> seq 10 permit udp 192.168.0.0 0.0.255.255 192.168.100.0 0.0.0.255 class voip-class
>> seq 20 permit icmp 192.168.0.0 0.0.255.255 any class nat-class
>> seq 30 permit udp 192.168.0.0 0.0.255.255 any class nat-class
>> seq 40 permit tcp 192.168.0.0 0.0.255.255 any class nat-class
>> !
>> nat policy nat-policy enhanced <--*Create an enhanced NAT policy*
>> ! Default class
>> drop
>> ! Named classes
>> access-group nat-acl <--*Configure an Access Group and Class*
>> class voip-class
>> ignore
>> class nat-class
>> pool nat-pool nat-context <--*Refer to the enhanced NAT pool*
>> endpoint-independent filtering tcp
>> endpoint-independent filtering udp
>> inbound-refresh udp
>> timeout abandoned 3600
>> icmp-notification
>
>
> --
> Stanislav Zaikin
> OJSC "Ufanet"
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20140730/f306f73d/attachment-0001.html>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp
>
>
> ------------------------------
>
> End of redback-nsp Digest, Vol 79, Issue 7
> ******************************************
More information about the redback-nsp
mailing list