NAT

This section describes Network Address Translation (NAT).

Network Address Translation (NAT) is a method by which IP addresses are mapped from one realm to another, in an attempt to provide transparent routing to hosts (RFC 2663).

The need for IP Address translation arises when a network's internal IP addresses cannot be used outside the network either because they are invalid for use outside, or because the internal addressing must be kept private from the external network.

Address translation allows hosts in a private network to transparently communicate with destinations on an external network and vice versa.

NAT binds addresses in private network with addresses in global network and vice versa to provide transparent routing for the datagrams traversing between address realms. The binding in some cases may extend to transport level identifiers (such as TCP/UDP ports). Address binding is done at the start of a session. There are two types of address assignments: static and dynamic. In the case of static address assignment, there is one-to-one address mapping for hosts between a private network address and an external network address for the lifetime of NAT operation.

Network Address Port Translation (NAPT) is a variation of the traditional NAT. NAPT extends the notion of translation one step further by also translating transport identifiers (e.g., TCP and UDP port numbers, ICMP query identifiers).
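
The binding behaviour described above (a binding created at the start of a session and extended to transport identifiers under NAPT), shown as an added example that is not the product's own code: a simplified Python model of a NAPT binding table. The class name, port range and addresses are constructed for illustration, and the reverse lookup matches only protocol and outside port, whereas a real device may also match the remote endpoint.

```python
import ipaddress


class NaptTable:
    """Simplified NAPT binding table for one outside address (constructed model)."""

    def __init__(self, outside_ip, first_port=40000, last_port=40002):
        self.outside_ip = str(ipaddress.ip_address(outside_ip))
        self.free_ports = list(range(first_port, last_port + 1))
        self.out = {}   # (proto, inside_ip, inside_port) -> outside_port
        self.back = {}  # (proto, outside_port) -> (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port):
        """Translate the source of an outgoing packet; bind on the first packet."""
        key = (proto, str(ipaddress.ip_address(src_ip)), src_port)
        if key not in self.out:
            if not self.free_ports:
                raise RuntimeError("NAPT port pool exhausted")
            port = self.free_ports.pop(0)
            self.out[key] = port
            self.back[(proto, port)] = key[1:]
        return self.outside_ip, self.out[key]

    def inbound(self, proto, dst_port):
        """Reverse-translate a reply; None means no binding, so the packet is dropped."""
        return self.back.get((proto, dst_port))

    def release(self, proto, src_ip, src_port):
        """End of session: remove the binding and return the port to the pool."""
        port = self.out.pop((proto, str(ipaddress.ip_address(src_ip)), src_port))
        del self.back[(proto, port)]
        self.free_ports.append(port)


def demo():
    nat = NaptTable("203.0.113.10")  # constructed documentation addresses
    a = nat.outbound("tcp", "192.168.1.10", 51000)
    b = nat.outbound("tcp", "192.168.1.11", 51000)      # same port, different host
    again = nat.outbound("tcp", "192.168.1.10", 51000)  # existing session reuses binding
    reply = nat.inbound("tcp", b[1])                    # reply reaches the right host
    unsolicited = nat.inbound("tcp", 40002)             # nothing bound on this port
    wrong_proto = nat.inbound("udp", a[1])              # bindings are per protocol
    return a, b, again, reply, unsolicited, wrong_proto


if __name__ == "__main__":
    print(demo())
```

An inbound packet with no matching binding has no inside destination, which is why entries added on the Static SNAT and Destination NAT screens are the ones that deliberately expose inside hosts and deserve review.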

Destination network address translation (DNAT) is a technique for transparently changing the destination IP address of an en route packet and performing the inverse function for any replies.

To access NAT screens, go to Layer 3 Management > Security > NAT.

NAT Global Configuration

Figure 1. NAT Global Configuration


Screen Objective This screen allows the user to configure the NAT Global Configuration.
Navigation

Layer 3 Management > Security > NAT > NAT Global Configuration

Fields
  • NAT Status—select the status of NAT. The default option is disabled. The list contains:
    • Enabled
    • Disabled
  • NAT Debug Level—select the NAT debug level. The list contains:
    • None—configures NAT debug to none.
    • All—configures NAT debug to all levels.
  • Total Number of Entries—enter number of entries.
  • Total Number of Translations—enter number of translations.
  • Number of Active Sessions—enter number of active sessions.
Buttons
  • Apply—select to save the configuration.

Static SNAT Configuration

Figure 2. Static SNAT Configuration


Screen Objective This screen allows the user to configure the static mapping between local IP address and translated IP address on a particular interface.
Navigation

Layer 3 Management > Security > NAT > Static SNAT Configuration

Fields
  • Interface—select the interface for which the NAT configuration needs to be modified or deleted.
  • Source IP Address—enter the source IP address for the host from the private inside network.
  • Translated Source IP Address—enter the IP address that should be used for the packets sent from the host to the outside network.
Buttons
  • Add—adds and saves new configuration.
  • Reset—resets the configuration.
  • Delete—deletes the selected entry.

Dynamic SNAT Configuration

Figure 3. Dynamic SNAT Configuration


Screen Objective This screen allows the user to enable DNAT for all protocols (TCP/UDP) and ports on a particular interface.
Navigation

Layer 3 Management > Security > NAT > Dynamic SNAT Configuration

Fields
  • Interface—select the interface for which the NAT configuration needs to be modified or deleted.
  • Network IP Address—enter the network IP address for the host from the private inside network.
  • Network Mask—enter the network mask for the host from the private inside network.
  • Translated IP Start—enter the translated IP start address that should be used for the packets sent from the host to the outside network.
  • Translated IP End—enter the translated IP end address that should be used in the packets sent from the host to the outside network.
Buttons
  • Add—adds and saves new configuration.
  • Reset—resets the configuration.
  • Delete—deletes the selected entry.

NAPT Configuration

Figure 4. NAPT Configuration






Screen Objective This screen allows the user to enable Network Address Port Translation (NAPT) for a particular interface with options for network translation and single IP translation.
Navigation

Layer 3 Management > Security > NAT > NAPT Configuration

Fields
  • Select—click to select the entry for which the NAPT configuration needs to be modified or deleted.
  • Interface—select the interface for which the NAPT configuration needs to be modified or deleted.
  • Usage—specify the NAPT scope by selecting an option from the drop-down list:
    • NAPT for all Packets
    • Network Translation
      Note: If this option is selected, 2 new fields appear and are available for entering data: Source IP Address and Source Mask.
    • Single IP Translation
      Note: If this option is selected, 4 new fields appear and are available for entering data: Source IP Address, Source Port Number, Translated Source IP Address, and Translated Port Number.
  • Source IP Address—enter / displays the actual IP address of the host connected to the inside network.
  • Source Mask—enter / displays the mask for the host from the private inside network.
  • Source Port Number—select / displays the source port number used as a source transport identifier.
  • Protocol—select a protocol to be used for transport identifier from the drop-down list / displays the protocol used for the packets. There are 2 options:
    • TCP—choose Transmission Control Protocol (TCP) to deliver and receive an ordered and error-checked stream of information packets over the network.
    • UDP—choose User Datagram Protocol (UDP) to deliver a faster stream of information without error-checking.
  • Translated IP Address—enter / displays the translated IP address that should be used as destination IP address for the packets.
  • Translated Port Number—enter / displays the translated port number used as destination transport identifier for the packets.
  • Status—displays the status of the NAPT Configuration.
Buttons
  • Add—adds and saves new configuration.
  • Reset—resets the configuration.
  • Delete—deletes the selected entry.

Destination NAT Configuration

Figure 5. Destination NAT Configuration


Screen Objective This screen allows the user to configure the destination NAT configuration on a selected interface.
Navigation

Layer 3 Management > Security > NAT > Destination NAT Configuration

Fields
  • Interface—select the interface for which the NAT configuration needs to be modified or deleted.
  • Destination IP Address—enter / displays the destination IP address.
  • Destination Port Number—select / displays the destination port number used as transport identifier.
  • Translated IP Address—enter / displays the translated IP start address for the packets.
  • Translated Port Number—select / displays the destination port number used as transport identifier.
  • Protocol—select a protocol from the drop-down list / displays the protocol used for the packets. There are 2 options:
    • TCP—choose Transmission Control Protocol (TCP) to deliver and receive an ordered and error-checked stream of information packets over the network.
    • UDP—choose User Datagram Protocol (UDP) to deliver a faster stream of information without error-checking.
Buttons
  • Add—adds and saves new configuration.
  • Reset—resets the configuration.
  • Delete—deletes the selected entry.

All NAT Configurations

Figure 6. All NAT Configurations


Screen Objective This screen displays information about all parameters in Static SNAT Configuration, Dynamic SNAT Configuration, NAPT Configuration, and DNAT Configuration.
Navigation

Layer 3 Management > Security > NAT > All NAT Configuration

Active Connections

Figure 7. Active Connections


Screen Objective This screen displays information about all active connections.
Navigation

Layer 3 Management > Security > NAT > Active Connections