Cisco Cisco Packet Data Gateway (PDG) Fehlerbehebungsanleitung
NAT Configuration
▀ Configuring NAT
▄ Cisco ASR 5000 Series Network Address Translation Administration Guide
OL-22992-01
IP pool and NAT IP pool and NAT IP pool group names are case sensitive.
The IP addresses configured in the NAT IP pools within a context must not overlap. At any time, within a
context, a NAT IP address must be configured in any one NAT IP pool.
The IP addresses in a NAT IP pool may be contiguous, and must be assignable as a subnet or a range that
constitutes less than an entire subnet.
For many-to-one NAT IP pools, the default NAT Binding Timer value is 60 seconds. For one-to-one NAT IP
pools, by default the feature is disabled—the IP addresses/ port-chunks once allocated will never be freed.
Thresholds configured using the
keyword are specific to the pool that they are configured
in. Thresholds configured using the
commands in the Context Configuration
Mode apply to all IP pools in the context, and override the threshold configurations set within individual pools.
Not-on-demand allocation mode is the default NAT IP Address Allocation mode.
To add a NAT IP pool to a NAT IP pool group, use the
option.
NAT IP pool and NAT IP pool group names must be unique.
When configuring a NAT IP pool group, note that only those NAT IP pools that have similar characteristics
can be grouped together. The similarity is determined by the ―napt-users-per-ip-address‖, ―napt-users-per-ip-
address <users>‖, ―on-demand‖, and ―port-chunk-size‖ parameters. Dissimilar NAT IP pools cannot be
grouped together.
can be grouped together. The similarity is determined by the ―napt-users-per-ip-address‖, ―napt-users-per-ip-
address <users>‖, ―on-demand‖, and ―port-chunk-size‖ parameters. Dissimilar NAT IP pools cannot be
grouped together.
It is recommended that for each NAT IP pool in a NAT IP pool group the other parameters (―nat-binding-
timer‖, ―send-nat-binding-update‖, ―nexthop-forwarding-address‖, ―send-icmp-dest-unreachable‖, ―srp-
activate‖, and ―port-chunk-threshold‖) also be configured with the same values, so that the NAT behavior is
predictable across all NAT IP pools in that NAT IP pool group.
timer‖, ―send-nat-binding-update‖, ―nexthop-forwarding-address‖, ―send-icmp-dest-unreachable‖, ―srp-
activate‖, and ―port-chunk-threshold‖) also be configured with the same values, so that the NAT behavior is
predictable across all NAT IP pools in that NAT IP pool group.
The NAT IP pool from which a NAT IP address is assigned will determine the actual values to use for all
parameters.
parameters.
It is recommended that in a Firewall-and-NAT policy all the realms configured either be NAT IP pools or NAT
IP pool groups. If both NAT IP pool(s) and NAT IP pool group(s) are configured, ensure that none of the NAT
IP pool(s) are also included in the NAT IP pool group.
IP pool(s) are also included in the NAT IP pool group.
Configuring Firewall-and-NAT Policies
To create and configure a Firewall-and-NAT Policy, use the following configuration: