Dynamic NAT
Network Address Translation (NAT) is the process of mapping IP addresses belonging to one address space into another.
Dynamic Network Address Translation (NAT) maps or translates a group of internal or real IP addresses into IP addresses that are routable on the destination network. Dynamic NAT, similar to static NAT, establishes a one-to-one mapping between IP addresses, with the variation that this mapping can change depending on which IP address is free at the time. For this function, Dynamic NAT requires a pool of IP addresses to be defined and available for mapping the internal addresses.
Dynamic NAT translations are purged from the NAT table after a certain timeout interval, and the table is repopulated only when there is traffic again.
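As an added illustration (not code from this article or from Versa), the following Python model of a dynamic NAT-44 table shows the behaviour just described: a pool of two public addresses (assumed here to be 172.16.82.96 and 172.16.82.97, the pool used later in this article), one-to-one allocation on the first outbound flow from an inside host, a drop when the pool is exhausted, and an idle-timeout purge (the 300 s value is an assumption) that returns addresses to the pool, so a host that comes back later may receive a different public address.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class DynamicNat44:
    """Minimal model of a dynamic NAT-44 table: one-to-one, pool-backed, idle-timeout expiry."""
    pool: List[str]                 # free public addresses (constructed sample pool)
    idle_timeout: int = 300         # assumed idle time (seconds) before an entry is purged
    # inside IP -> (public IP, last time the mapping carried traffic)
    table: Dict[str, Tuple[str, int]] = field(default_factory=dict)

    def expire(self, now: int) -> List[str]:
        """Purge idle entries and return their public addresses to the pool."""
        stale = [i for i, (_, seen) in self.table.items() if now - seen >= self.idle_timeout]
        for inside in stale:
            public, _ = self.table.pop(inside)
            self.pool.append(public)
        return stale

    def translate(self, inside_ip: str, now: int) -> Optional[str]:
        """Public address for an outbound flow, allocated from the pool on first use.
        None means the pool is exhausted and the flow cannot be translated (dropped)."""
        self.expire(now)
        if inside_ip in self.table:
            public, _ = self.table[inside_ip]
        elif self.pool:
            public = self.pool.pop(0)
        else:
            return None
        self.table[inside_ip] = (public, now)   # refresh last-seen time
        return public


def demo() -> List[Optional[str]]:
    """Walk three LAN hosts (constructed addresses) through a two-address pool."""
    nat = DynamicNat44(pool=["172.16.82.96", "172.16.82.97"])
    return [
        nat.translate("172.16.226.100", now=0),    # first host takes .96
        nat.translate("172.16.226.101", now=1),    # second host takes .97
        nat.translate("172.16.226.102", now=2),    # pool exhausted: None (no PAT in dynamic NAT)
        nat.translate("172.16.226.100", now=100),  # still mapped to .96
        nat.translate("172.16.226.101", now=500),  # both entries idle >= 300 s, purged; gets .96 now
        nat.translate("172.16.226.102", now=501),  # third host finally gets the freed .97
    ]


if __name__ == "__main__":
    print(demo())
```

Unlike port address translation, a dynamic NAT pool sized smaller than the number of simultaneously active inside hosts drops the excess flows, which is the sizing check to make before deploying it.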
Dynamic NAT configuration has two parts to it:
1. Defining the NAT Pool: define and configure a pool of IP addresses which are part of the external network (outside IP addresses).
2. Defining the NAT Rule: configure the source IP addresses on the internal network (LAN) that are to be translated to the pool.
High-Level Topology
The topology consists of two LAN users who want to access the Internet. Their IP addresses are mapped using Dynamic NAT to an external IP address that is routable in the external network (Internet). Using the function of Dynamic NAT, the users are able to access the Internet.
Configuration
Objectives:
A. Configure a NAT Pool with the details of the Public routable IPs
B. Configure a NAT rule to translate Internal LAN IP address to the Public IPs and from there on access the Internet.
Step 1: Configure a CGNAT Pool
- Define the Public IP segment or pool to which the internal LAN subnet will get NATted.
- Map it to the Internet routing instance, 'INET-Transport-VR'.
The Public IP segment or range of IPs, in this case, is 172.16.82.96 and 172.16.82.97.
Just like in Basic-NAT, we do not have to select any Port in Dynamic NAT. Click on OK to complete creating the NAT Pool.
Step 2: Configure a NAT Rule
- The NAT rule should be defined in such a way that it translates the source IPs (LAN) to the external IP addresses defined in the NAT pool in Step 1.
- The NAT mode is to be configured as 'dynamic-nat-44'.
Configure the source IP Prefix or IP address range and select the appropriate LAN-VR routing instance.
In the Action tab, choose the NAT mode as 'dynamic-nat-44' and map the NAT pool created in Step 1 here.
Enable logging to log the events in Analytics.
Verification
When the users in the LAN try to access the Internet, they are able to do so. When we see the outbound NAT sessions, we see that the original source IP is translated or NATted to one of the IPs from the NAT pool.
admin@twitterNAT-cli> show orgs org edwardjones sessions nat brief
                                                                                                                         NAT             NAT     NAT
VSN  VSN  SESS                  DESTINATION     SOURCE  DESTINATION                                          NAT SOURCE    DESTINATION     SOURCE  DESTINATION
ID   VID  ID    SOURCE IP       IP              PORT    PORT         PROTOCOL  NATTED  SDWAN  APPLICATION  IP            IP              PORT    PORT
------------------------------------------------------------------------------------------------------------------------------------------------------------
0    2    1323  172.16.226.100  157.240.2.35    52017   443          6         Yes     No     facebook     172.16.82.96  157.240.2.35    52017   443
0    2    1337  172.16.226.101  184.51.189.164  34196   443          6         Yes     No     amazon       172.16.82.97  184.51.189.164  34196   443
[ok][2019-07-05 12:34:30]
admin@twitterNAT-cli>
From the output it is clear that the different LAN hosts are getting different public IP addresses while accessing Internet resources.
Summary
In this article, we saw how to configure Dynamic NAT using Versa VOS and verify the logs using the CLI.