Manuals / Brands / Computer Equipment / Network Router / Black Box / Computer Equipment / Network Router

Black Box LR1102A-T1/E1, LR1104A-T1/E1, LR1112A-T1/E1, LR1114A-T1/E1 13.1.3Port Address Translation (Many to one)

1 142

Download 142 pages, 1.56 Mb

Black Box LR11xx Series Router Configurations Guide

88

13.1.3Port Address Translation (Many to one)

Figure 27 Mapping Multiple NAT Addresses to One Public IP Address

NAT allows multiple IP addresses to be mapped to one address.

There are two methods to configure Port Address Translation (PAT) on the Black Box gateway. In the first method, specify the

IP address to the nat-ip parameter in the policy command. In the second method, create a pool of type PAT and then

attach it to the policy.

In PAT, multiple hosts can share the same IP address.

The PAT configuration shown in Figure27 includes:

Private network address: 10.1.1.1—10.1.1.3

PAT address: 50.1.1.5

Method:1 – Specifying NAT address with the policy command

To configure this method of PAT, add the policy with the source IP address range, then specify the nat-ip address in the

policy command.

Blackbox/configure> firewall corp

Blackbox/configure/firewall corp> poli cy 2 out address 10.1.1.1 10.1.1.3 any any nat-ip

50.1.1.5

Blackbox/configure/firewall corp/polic y 2 out> exit 2

Blackbox/configure>

Method:2 – Attaching nat pool to the policy

To configure the second type of NAT, create a NAT pool with type pat and specify the IP address. Then add the policy with

the source IP address range. Finally, attach the NAT pool to the policy.

Blackbox/configure> firewall corp

Blackbox/configure/firewall corp> obje ct

Blackbox/configure/firewall corp/obj ect> nat-pool addresspoolPat pat 50.1.1 .5

Blackbox/configure/firewall corp/obj ect> exit

Blackbox/configure/firewall corp> poli cy 2 out address 10.1.1.1 10.1.1.3 any any

Blackbox/configure/firewall corp/polic y 2 out> apply-object nat-pool addresspoolPat

Blackbox/configure/firewall corp/polic y 2 out> exit 2

Blackbox/configure>

OPAL

50.1.1.5

INTERNET

10.1.1.3

10.1.1.2

10.1.1.1

Contents

Main Black Box LR11xx Series Router Configurations Page Normas Oficiales Mexicanas (NOM) Electrical Safety Statement INSTRUCCIONES DE SEGURIDAD Page Contents Page Page Page Page Page DHCP R 1.1DHCP Relay 1.1.1 Feature Overview 1.1.2 Functionality 1.1.2.1 BOOTP Requests 1.1.3 Using DHCP Relay with NAT Figure 4 A Typical Scenario 1.1.4 Command Line Interface DHCP Relay 1.1.5 Displaying DHCP Configuration 1.1.6 Displaying Statistics Figure 5 show dhcp_relay Command Figure 6 show dhcp_relay Command Figure 7 Displaying Ethernet Interface Statistics 1.1.7 DHCP Limitations I G P ANAGEMENT NTERNET 2.1.1 IGMP Commands 2.1.2 IGMP Configuration Examples Page Page 3w IP T ILTERING RAFFIC 3.1IP Packet Filter Lists 3.1.2 Example 2 3.1.3 Example 3 ECURITY 4.1IPSec Configurations 4.2 Example 1: Managing the Black Box LR1104A Securely Over an IPSec Tunnel Example 1: Managing the Black Step 7: Display IKE policies in detail Shows the details of the IPSec policies. Step 8: Configure the IPSec tunnel to the remote host Step 9: Display IPSec policies Page Example 1: Managing the Black Step 12: Display SNMP communities Step 1: Configure a WAN bundle of network type untrusted 4.3 Example 2: Single Proposal: Tunnel Mode Between Two Black Box Security Gateways Figure 9 Tunnel Mode Between Two Black Box Security Gateways - Single Proposals Example 2: Single Proposal: Tun- Step 2: Configure the Ethernet interface with trusted network type Step 3: Display the crypto interfaces Step 7: Configure IPSec tunnel to the remote host Step 8: Display IPSec policies Using the show crypto ipsec policy all command. Example 2: Single Proposal: Tun- Page 4.4 Example 3: Multiple IPSec Proposals: Tunnel Mode Between Two Black Box Security Gateways Step 7: Configure IPSec tunnel to the remote host 4.5 Example 4: IPSec remote access to corporate LAN using user group method Page Page Page Example 4: IPSec remote access 4.1Example 5: IPSec remote access to corporate LAN using mode configuration method Page Page Page Page Page Page IPS S EC PECIFICATIONS 5.1IPSec Appendix 5.1.1 Black Box IKE and IPSec Defaults Page Page IP T ORWARDING RAFFIC 6.1IP Multiplexing 6.1.1 Packet Forwarding Modes 6.1.3 Addressing in IP Multiplexing Networks IP Multiplexing 6.1.4 Single Subnet Table 7 Split Subnet Addressing Table 6 Single Subnet Addressing 6.1.5 Split Subnet 6.1.6 Secondary Addressing POP Only Table 9 30-Bit Secondary Addressing Table 8 POP Only Secondary Addressing 6.1.7 Secondary Addressing 30 Bit IP Multiplexing 6.1.8 Secondary Addressing 29 Bit 6.1.9 Pros and Cons of Different IP Addressing Schemes The following table provides information about addressing scheme pros and cons. Table 10 Addressing Schemes: Pros and Cons 6.1.10 Routing Considerations for IP Multiplexing Page IP M ULTIPLEXING HDLC 7.1Connecting a Black Box Router to a Router/CSU via HDLC Configuration Guide 7.1.1 Configure the Black Box LR1104A at Site 2 Page Figure 16 IP Multiplexing Application MAIN SITE SITE 3 SITE 1 LR1104A 8.1.1 Configure the Black Box LR1104A at the Main Site Page PPP, MLPPP, AND HDLC 9.1Layer Two Configurations: PPP, MLPPP, and HDLC 9.1.1 MLPPP Configuration 9.1.2 PPP and MLPPP Configuration 9.1.3 HDLC Configuration HDLC encapsulation may be substituted for PPP between the main site and site 2 IREWALLS 10.1Firewalls 10.2 Firewall Configuration Examples 10.2.1 Basic Firewall Configuration CORP DMZ 10.2.1.0/24 10.3.1.0/24 Page Page Page Page Page Page 10.2.1 Stopping DoS Attacks 10.2.2 Packet Reassembly 10.3 NAT Configurations 10.4 NAT Configuration Examples 10.4.1 Dynamic NAT (many to many) 10.4.2 Static NAT (one to one) 10.4.3Port Address Translation (Many to one) Page ULTIPATH ULTICAST 11.1Multipath Multicast 11.2Multipath Commands 11.2.1Multipath Examples NA T 12.1Network Address Translation 12.1.1 Dynamic NAT 12.1.2 Static NAT 12.1.3 Configuration for Figure 1 12.1.4Configuration for Figure 2 12.1.5Reverse NAT Figure 24 Reverse NAT 12.1.6 Configuration for Figure 3 NA T C E ONFIGURATION XAMPLES 13.1 NAT Configurations Page 13.1.2Static NAT (one to one) 13.1.3Port Address Translation (Many to one) A VPN CCESS EMOTE S 14.3 Configuration Examples 14.4 IPSec Remote Access User Group Method Single Proposal, Pre-shared Key Authentication IPSec Remote Access User Figure 28 User Group Remote Access Configuration To create the user group configuration enter: 14.5 IPSec Remote Access Mode Configuration Group Method IPSec Remote Access Mode Con- Page N R P NFORMATION WITH Page TATIC OUTES 16.1 Static Routing Configuration 16.1.1Configure the Router at Site A 16.1.2Configure the Router at site B O P R IRST HORTEST 17.1.4Configuring ospf 17.1.5Configuring ospf interface parameters 17.1.6Displaying neighbors 17.1.7Displaying ospf routes 17.1.8Displaying IP routes G R E ENERIC NCAPSULATION 18.3 GRE Configuration Examples This example explains how to configure a basic GRE tunnel as shown in Figure36. 18.3.1Configuring Site to Site Tunnel For more information enter: 18.4 Configuring GRE Site to Site with IPSec 18.5 Configuring GRE Site to Site with IPSec and OSPF Page Page NDEPENDENT ULTICASTING 20.1 PIM Configuration 20.1.1PIM Commands Page PIM Configuration The show and debug PIM commands are: 20.1.2PIM Configuration Examples Page Page PIM Configuration To examine PIM BSR statistics, enter: To reset PIM counters, enter: Page MTRACE ONFIGURATION 21.1 Multicast Traceroute Facility 21.1.1mtrace Command 21.1.2mtrace Example Q S OF UALITY 22.1.2Definitions 22.1.3Classification Types Configuring QoS Configuration for the example in Figure 38: 22.1.4 VLAN Identifiers Figure 39 Assigning VLAN Identifiers Configuration for Figure39: 22.1.5Bulk Statistics Configuring QoS Figure 40 Screen Display for show qos bulkstats_config Command Page V LAN T IRTUAL AGGING 23.1 Managing Traffic with VLAN Tagging 23.1.1 Reston configuration: Black Box LR1104A Managing Traffic with VLAN Tag- 23.1.2 DC configuration: Black Box LR1114A Page ANAGING EDUNDANT CONNECTIONS continue to pass traffic. When E0 recovers, traffic will be switched back. 24.1 Trunk Group/Failover Figure 42 Trunk Group/Failover Configuration Page WAN I C NTERFACE 25.1 T1 Interface Configuration 25.1.1Module Configuration 27.1.3 T1 27.1.4 NxT1 V LAN F IRTUAL ORWARDING 26.1 Managing VLAN Traffic Page Managing VLAN Traffic 26.1.1POP configuration: Black Box LR1104A 26.1.2Bldg1 configuration: Black Box LR1114A Page UTLILINK 27.1Multilink Frame Relay FRF.15 and FRF.16 27.1.1 Features Page AND ULTILINK 100 Base-T S 28.1 Layer Two Configurations FR and MFR 28.1.1 FR Configuration Layer Two Configurations FR 28.1.2 MFR Configuration