[rbak-nsp] redback-nsp Digest, Vol 79, Issue 7

Stanislav Volkov s_volkov at tele-a.ru
Wed Jul 30 13:20:35 EDT 2014


Use the enhanced keyword in the nat policy conf.

For exm: nat policy NP-1 enhanced

Without this keyword it does not work. 

St.Vol.

> 30 июля 2014 г., в 20:00, redback-nsp-request at puck.nether.net написал(а):
> 
> Send redback-nsp mailing list submissions to
>    redback-nsp at puck.nether.net
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>    https://puck.nether.net/mailman/listinfo/redback-nsp
> or, via email, send a message with subject or body 'help' to
>    redback-nsp-request at puck.nether.net
> 
> You can reach the person managing the list at
>    redback-nsp-owner at puck.nether.net
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of redback-nsp digest..."
> 
> 
> Today's Topics:
> 
>   1. Re: redback-nsp Digest, Vol 79, Issue 4 (?????? ?????????)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Wed, 30 Jul 2014 17:09:18 +0600
> From: ?????? ?????????  <zaikin_s at ufanet.ru>
> To: Marcin Kuczera <marcin at leon.pl>, redback-nsp at puck.nether.net
> Subject: Re: [rbak-nsp] redback-nsp Digest, Vol 79, Issue 4
> Message-ID: <53D8D25E.2090709 at ufanet.ru>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
> 
> 30.07.2014 16:52, Marcin Kuczera ?????:
>>> On 2014-07-29 19:09, Stanislav Volkov wrote:
>>> Only CG-NAT  is supported on LAG.
>> 
>> well, we have a CG-NAT license, but does that changes anything in NAT 
>> configuration in LAGs ?
>> 
>> Regards,
>> Marcin
> 
> You should change your nat policy type to enhanced. Example from 
> documentation:
> 
>> configure
>> !
>> software license
>>  nat enhanced password/enhanced-nat-password/    <--*Enable the license for enhanced NAT features*
>> !
>> context nat-context
>> !
>>  nat logging-profile nat-log-profile           <--*Create a NAT logging profile*
>>   transport-protocol udp
>>   export-version v9
>>   source 10.2.1.1 port 4242
>>   destination 10.2.1.2 context nat-context port 8989
>>   dscp ef
>>   maximum ip-packet-size 1400
>> !
>> ip nat pool nat-pool napt paired logging        <--*Configure an Enhanced NAT pool*  
>> 
>> 
>>  logging-profile nat-log-profile
>>  paired-mode subscriber over-subscription 100 port-limit 2000
>>  address 100.1.1.1 to 100.1.1.20 port-block 0 to 15
>>   exclude well-known*   <-Excludes TCP and UDP ports 0-1023 from the entire pool*
>>   exclude 5888 to 6015*<-Excludes a given port range from the given address or address range of a pool*
>> !
>>  policy access-list nat-acl
>>   seq 10 permit udp 192.168.0.0 0.0.255.255 192.168.100.0 0.0.0.255 class voip-class
>>   seq 20 permit icmp 192.168.0.0 0.0.255.255 any class nat-class
>>   seq 30 permit udp 192.168.0.0 0.0.255.255 any class nat-class
>>   seq 40 permit tcp 192.168.0.0 0.0.255.255 any class nat-class
>> !
>>  nat policy nat-policy enhanced               <--*Create an enhanced NAT policy*
>> ! Default class
>>   drop
>> ! Named classes
>>   access-group nat-acl                        <--*Configure an Access Group and Class*
>>    class voip-class
>>     ignore
>>    class nat-class
>>     pool nat-pool nat-context                 <--*Refer to the enhanced NAT pool*
>>     endpoint-independent filtering tcp
>>     endpoint-independent filtering udp
>>     inbound-refresh udp
>>     timeout abandoned 3600
>>     icmp-notification
> 
> 
> -- 
> Stanislav Zaikin
> OJSC "Ufanet"
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20140730/f306f73d/attachment-0001.html>
> 
> ------------------------------
> 
> Subject: Digest Footer
> 
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp
> 
> 
> ------------------------------
> 
> End of redback-nsp Digest, Vol 79, Issue 7
> ******************************************



More information about the redback-nsp mailing list