Configuring and Verifying Dynamic NAT

Dynamic NAT

Network Address Translation (NAT) is the process of mapping IP addresses belonging to one address space into another.

Dynamic Network Address Translation (NAT) maps or translates a group of internal or real IP addresses into IP addresses that are routable on the destination network. Dynamic NAT, similar to static NAT establishes a one-to-one mapping between the IP addresses with a slight variation that this mapping can vary depending on the IP address that is free at that time. For this function, Dynamic NAT requires a pool of IP addresses to be defined and available for mapping the internal addresses.

Dynamic NAT translations are purged out of the NAT table after a certain time out interval and the table is repopulated only when there is traffic again.

Dynamic NAT Configuration has two parts to it –

Defining NAT Pool Define and configure a pool of IP address which are a part of the external network (Outside IP address)
Define NAT Rule Configure a pool of IP addresses which are part of the source of the Internal Network (LAN)

High-Level Topology

The topology consists of two LAN users who want to access the Internet. Their IP addresses are mapped using Dynamic NAT to an external IP address that is routable in the external network (Internet). Using the function of Dynamic NAT, the users are able to access the Internet.

Configuration

Objectives:

A. Configure a NAT Pool with the details of the Public routable IPs
B. Configure a NAT rule to translate Internal LAN IP address to the Public IPs and from there on access the Internet.

Step 1: Configure a CGNAT Pool
- Define the Public IP segment or Pool to which the Internal LAN subnet will get NATted to.
- Map it to the Internet routing instance - 'INET-Transport-VR'

The Public IP segment or the range of IPs, in this case, is172.16.82.96 and 172.16.82.97.

 

Just like in Basic-NAT, we do not have to select any Port in Dynamic NAT. Click on OK to complete creating the NAT Pool.

Step 2: Configure a NAT Rule
- NAT Rule should be defined in a such a way to translate the source IPs (LAN) to the external IP address defined in the NAT pool in Step 1
- NAT mode to be configured as 'dynamic-nat-44'

Configure the source IP Prefix or IP address range and select the appropriate LAN-VR routing instance.

In the Action tab, choose the NAT mode as ‘dynamic-nat-44‘ and map the NAT pool created in Step 1 here.

Enable logging to log the events in Analytics.

Verification

When the users in the LAN try to access the Internet, they are able to do so. When we see the outbound NAT sessions, we see that the original source IP is translated or NATted to one of the IPs from the NAT pool.

admin@twitterNAT-cli> show orgs org edwardjones sessions nat brief
                                                                                                                                                                                                                                       NAT                     NAT           NAT
VSN  VSN   SESS                               DESTINATION      SOURCE    DESTINATION                                                                            NAT SOURCE     DESTINATION    SOURCE    DESTINATION
ID      VID    ID        SOURCE IP          IP                           PORT        PORT                PROTOCOL  NATTED  SDWAN  APPLICATION    IP                       IP                         PORT        PORT
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
0        2        1323  172.16.226.100   157.240.2.35            52017       443                  6                    Yes           No        facebook           172.16.82.96     157.240.2.35          52017       443
0        2        1337  172.16.226.101   184.51.189.164        34196       443                  6                    Yes           No        amazon              172.16.82.97     184.51.189.164     34196       443
[ok][2019-07-05 12:34:30]
admin@twitterNAT-cli>

From the output it is clear that multiple LAN hosts are getting different Public IP address while access the Internet resources.

Summary

In this article, we saw how to configure Dynamic NAT using Versa VOS and verify the logs using the CLI.

Powered by BetterDocs