Patton electronic 2635 Introduction to NAT, Enabling NAT, Global address pool and reserved map

Models 2603, 2621, and 2635 Getting Started Guide

7 • Security

 

 

Introduction to NAT

The basic steps for configuring NAT are:

1. Enable NAT between the internal and external interfaces of the firewall.

2. Create global addresses which will be added to the global pool of IP addresses on the WAN interface.

3. Create a reserved mapping between a global IP address and the IP address of an internal PC.

A Global Address Pool is a pool of addresses seen from the outside network. Each external interface creates a Global Address Pool with a single address—the address assigned to that interface. For outbound sessions, an address is picked from a pool by hashing the source IP address for a pool index and then hashing again for an address index. For inbound sessions, it is necessary to create a reserved mapping.

A reserved mapping is used so that NAT knows where to route packets on inbound sessions. The reserved mapping maps a specific global address and port to an inside address and port. Reserved mappings can also be used so that different inside hosts can share a global address by mapping different ports to different hosts. For example, Host A is an FTP server and Host B is a web server. By mapping the FTP port to Host A and the HTTP port to Host B, both inside hosts can share the same global address. Setting the protocol number to 255 (0xFF) means that the mapping will apply to all protocols. Setting the port number to 65535 (0xFFFF) for TCP or UDP protocols means that the mapping will apply to all port numbers for that protocol.
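The sketch below is an added example, not code from the router or from Patton: it models the reserved-mapping lookup described above and lists the wildcard entries (protocol 255 or port 65535) that forward far more than one service to an inside host. The inside addresses, the class and function names, the narrowest-entry-wins rule and the port preservation for wildcard entries are assumptions made for illustration.

```python
from dataclasses import dataclass

ANY_PROTO = 255    # 0xFF: mapping applies to all protocols (value from the guide)
ANY_PORT = 65535   # 0xFFFF: mapping applies to all TCP/UDP ports (from the guide)
TCP, UDP = 6, 17   # IANA protocol numbers

@dataclass(frozen=True)
class ReservedMapping:
    global_ip: str
    protocol: int
    global_port: int
    inside_ip: str
    inside_port: int

    def breadth(self):
        """0 = one port, 1 = every port of one protocol, 2 = every protocol."""
        if self.protocol == ANY_PROTO:
            return 2
        return 1 if self.global_port == ANY_PORT else 0

    def matches(self, dst_ip, protocol, dst_port):
        if dst_ip != self.global_ip:
            return False
        if self.protocol == ANY_PROTO:
            return True
        return protocol == self.protocol and self.global_port in (ANY_PORT, dst_port)

def route_inbound(table, dst_ip, protocol, dst_port):
    """Return (inside_ip, inside_port), or None when no reserved mapping exists."""
    hits = [m for m in table if m.matches(dst_ip, protocol, dst_port)]
    if not hits:
        return None
    m = min(hits, key=ReservedMapping.breadth)  # assumption: narrowest entry wins
    # Assumption: wildcard entries keep the original destination port.
    return (m.inside_ip, m.inside_port if m.breadth() == 0 else dst_port)

def audit(table):
    """Mappings that expose more than a single service on an inside host."""
    return [m for m in table if m.breadth() > 0]

# Constructed sample table: global addresses from the guide, inside hosts invented.
TABLE = [
    ReservedMapping("100.100.100.101", TCP, 21, "192.168.1.10", 21),   # Host A, FTP
    ReservedMapping("100.100.100.101", TCP, 80, "192.168.1.11", 80),   # Host B, HTTP
    ReservedMapping("100.100.100.102", ANY_PROTO, ANY_PORT, "192.168.1.12", ANY_PORT),
]

if __name__ == "__main__":
    for pkt in [("100.100.100.101", TCP, 21), ("100.100.100.101", TCP, 22),
                ("100.100.100.102", UDP, 161)]:
        print(pkt, "->", route_inbound(TABLE, *pkt))
    print("review:", audit(TABLE))
```

Entries returned by `audit` place the inside host directly behind the global address for every matching port, so they deserve the same review as a firewall rule that allows all traffic to that host.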

Some applications embed address and/or port information in the payload of the packet. The most notorious of these is FTP. For most applications, it is sufficient to create a trigger with address replacement enabled. However, there are three applications for which a specific Application Level Gateway is provided: FTP, NetBIOS, and DNS.

Enabling NAT

The NAT configuration in this example builds on the configuration completed earlier in this chapter.

1. Go to the “Security Interface Configuration” page by clicking on Security under Configuration in the menu.

2. Click on Enable NAT to internal interfaces in the Security Interfaces table. NAT is now enabled between the internal (LAN) and the external (WAN) interfaces of the firewall.

Global address pool and reserved map

1. Click on Advanced NAT Configuration... on the “Security Interface Configuration” web page.

2. Click on the hyperlink Add Global Address Pool... The global IP addresses need to be created and put into the Global Address Pool.

3. Set the parameters to the following values (see figure 53):

Interface Type: internal

Use Subnet Configuration: Use IP Address Range

IP Address: 100.100.100.101

Subnet Mask/IP Address 2: 100.100.100.102
