Black Box LR1104A-T1/E1, LR1112A-T1/E1, LR1114A-T1/E1, LR1102A-T1/E1

Black Box LR11xx Series Router Configurations Guide

13.1.3Port Address Translation (Many to one)

Figure 27 Mapping Multiple NAT Addresses to One Public IP Address

10.1.1.1

10.1.1.2

INTERNET

50.1.1.5

10.1.1.3

NAT allows multiple IP addresses to be mapped to one address.

There are two methods to configure Port Address Translation (PAT) on the Black Box gateway. In the first method, specify the IP address to the nat-ipparameter in the policy command. In the second method, create a pool of type PAT and then attach it to the policy.

In PAT, multiple hosts can share the same IP address.

The PAT configuration shown in Figure 27 includes:

Private network address: 10.1.1.1—10.1.1.3

PAT address: 50.1.1.5

Method:1 – Specifying NAT address with the policy command

To configure this method of PAT, add the policy with the source IP address range, then specify the nat-ipaddress in the policy command.

Blackbox/configure> firewall corp

Blackbox/configure/firewall corp> policy 2 out address 10.1.1.1 10.1.1.3 any any nat-ip 50.1.1.5

Blackbox/configure/firewall corp/policy 2 out> exit 2

Blackbox/configure>

Method:2 – Attaching nat pool to the policy

To configure the second type of NAT, create a NAT pool with type pat and specify the IP address. Then add the policy with the source IP address range. Finally, attach the NAT pool to the policy.

Blackbox/configure> firewall corp

Blackbox/configure/firewall corp> object

Blackbox/configure/firewall corp/object> nat-pool addresspoolPat pat 50.1.1.5 Blackbox/configure/firewall corp/object> exit Blackbox/configure/firewall corp> policy 2 out address 10.1.1.1 10.1.1.3 any any Blackbox/configure/firewall corp/policy 2 out> apply-objectnat-pool addresspoolPat Blackbox/configure/firewall corp/policy 2 out> exit 2

Blackbox/configure>

88

Image 86

Black Box LR1104A-T1/E1 13.1.3Port Address Translation Many to one, Method1 Specifying NAT address with the policy command

Contents

Black Box LR11xx Series Router Configurations Black Box LR11xx Series Router Configurations Guide Normas Oficiales Mexicanas NOM Electrical Safety Statement Instrucciones DE Seguridad Black Box LR11xx Series Router Configurations Guide Contents Ipsec Specifications Ultipath M Ulticast C Onfigurations 117 101107 119 WAN I Nterface C Onfigurations Black Box LR11xx Series Router Configurations Guide 1DHCP Relay Feature OverviewBootp Requests Functionality Bootp Replies Using Dhcp Relay with NATCommand Line Interface Enabling Dhcp Relay Displaying Statistics Displaying Dhcp ConfigurationConfiguring the Gateway Address field when NAT is enabled Dhcp Relay Dhcp Limitations Displaying Ethernet Interface Statistics Configuring Internet Group Management Protocol 1IGMP Configuration Example Igmp CommandsIgmp Configuration Examples 2.11Example Igmp Configuration2.10Example 2.12Example Black Box LR11xx Series Router Configurations Guide Filtering IP Traffic Configure the Black Box LR1104ABlackbox configure term Blackbox/configure ip 1IP Packet Filter Lists Blackbox/configure/ip applyfilter WAN1 filterc Blackbox configure terminal Blackbox/configure ipBlackbox/configure/ip applyfilter WAN1 filterb Example Configuring Security 1IPSec Configurations Display the crypto interfaces Configure IKE to the peer gateway Example 1 Managing the Black Permit SE Enable Snmp on the Black Box1 router Display Snmp communities Configure IPSec tunnel to the remote host Example 2 Single Proposal Tun Using the show crypto ipsec policy all command 1022 Out Any Black Box1 Show firewall policy corp detail Policy with Example 3 Multiple IPSec Pro Message Proposal added with priority2-esp-3des-sha1-tunnel Example 4 IPSec remote access As in of Example Configure dynamic IPSec policy for a group of mobile users Display dynamic IKE policies in detail Display dynamic IPSec policies Display dynamic IPSec policies in detail Lifetime in Kilobytes Bytes In 0, Bytes Out Permit E Example 5 IPSec remote access Display dynamic IKE policies Display dynamic IKE policies in detail Permit 20.1.1.150 1022 Out Any Example 5 IPSec remote access Black Box LR11xx Series Router Configurations Guide Ipsec Specifications 1IPSec Appendix IPSec Defaults Black Box IKE and IPSec DefaultsIKE Defaults IPSec Appendix ESP Black Box LR11xx Series Router Configurations Guide Packet Forwarding Modes Forwarding IP Traffic1IP Multiplexing Proxy ARP and Packet Forwarding Addressing in IP Multiplexing Networks Proxy ARP and Packet Forwarding IP Multiplexing Single SubnetSplit Subnet Secondary Addressing POP Only Secondary Addressing 30 Bit Routing Considerations for IP Multiplexing Secondary Addressing 29 BitPros and Cons of Different IP Addressing Schemes Black Box LR11xx Series Router Configurations Guide IP Multiplexing Hdlc Configurations 1Connecting a Black Box Router to a Router/CSU Via Hdlc Configure the Black Box LR1104A at Site Configuration Guide IP Multiplexing PPP and Mlppp Configurations 1Configuring Multiple PPP and Mlppp Bundles LR1104A Configure the Black Box LR1104A at the Main Site Configuring Multiple PPP Black Box LR11xx Series Router Configurations Guide LR1114A Configuring PPP, MLPPP,1Layer Two Configurations PPP, MLPPP, LR1104A Hdlc Configuration Mlppp ConfigurationPPP and Mlppp Configuration Configure the Black Box LR1114A System at Site Configuring Firewalls 10.1Firewalls Firewall Configuration Examples Basic Firewall Configuration Create the security zones Corp and DMZ and attach interfaces Create policies for Security Zone Corp that Verify the firewall policy for Security Zone Corp Create policies for Security Zone DMZ that Create a default route out of the WAN Verify the firewall policy for Security Zone DMZ Black Box LR11xx Series Router Configurations Guide Firewall Configuration Ex Black Box LR11xx Series Router Configurations Guide Stopping DoS Attacks Packet Reassembly NAT ConfigurationsNAT Configuration Examples NAT Configuration Examples Dynamic NAT many to many Static NAT one to one Static NAT Method2 Attaching nat pool to the policy Method1 Specifying NAT address with the policy command10.4.3Port Address Translation Many to one Black Box LR11xx Series Router Configurations Guide Multipath Multicast Configurations 11.1Multipath Multicast 11.2Multipath Commands 11.2.1Multipath Examples Dynamic NAT Configuring NAT12.1Network Address Translation Static NAT Configuration for Figure Dynamic and Static NAT Network Address Translation 12.1.4Configuration for FigureReverse NAT Blackbox configure terminal Reverse NAT NAT Configuration Examples 13.1.1Dynamic NAT many to many 60.1.1.1 13.1.2Static NAT one to one 13.1.3Port Address Translation Many to one Access Methods Remote Access VpnsSecure Remote Access Using IPSec VPN Remote Access User Group Configuration Examples Remote Access Mode Configuration IPSec Remote Access User Black Box #1 IPSec Remote Access Mode Configuration Group Method David@blackboxcom .com IPSec Remote Access Mode Con Mike@Blackbox.com Black Box LR11xx Series Router Configurations Guide 15.1.3Displaying All Configured RIP Interfaces 15.1.1Configuring RIP for Ethernet 0 and WAN 1 Interfaces15.1.2Displaying RIP Configuration Networking with Routing Information Protocol Show ip rip interface all Command Configuring Static Routes Static Routing Configuration Blackbox/configure ip route 0.0.0.0 0.0.0.0 10.1.1.2 16.1.1Configure the Router at Site a16.1.2Configure the Router at site B 17.1.2Configuring interface ethernet Configuring Open Shortest Path First Routing17.1.1Configuring the host name 17.1.3Configuring interface bundle Dallas 17.1.6Displaying neighbors 17.1.4Configuring ospf17.1.5Configuring ospf interface parameters 17.1.7Displaying ospf routes Installing Licenses Configuring Generic Routing EncapsulationConfiguring GRE GRE Configuration Examples 18.3.1Configuring Site to Site Tunnel GRE Configuration Examples For more information enter Configuring GRE Site to Site with IPSec Configuring GRE Site to Site with Configuring GRE Site to Site with IPSec and Ospf Add to the Cisco configuration above Configuring Ospf and Frame Relay Ospf Frame Relay 19.1.3Configuring interface bundle Dallas 19.1.1Configuring the host name19.1.2Configuring interface ethernet 19.1.4Configuring Ospf 20.1.1PIM Commands Configuring Protocol Independent Multicasting RoutingPIM Configuration Bootstrap Router related Commands PIM Configuration Show and debug PIM commands are 20.1.2PIM Configuration Examples Blackbox/configure/ip/pim register-suppress-timeout Blackbox/configure display ip pim global Blackbox/configure display ip pim neighbors Blackbox clear ip pim statistics 116 Multicast Traceroute Facility Mtrace Configuration21.1.1mtrace Command Restrictions Mtrace Example Blackbox mtrace 192.168.0.0 192.168.2.22 22.1.1Features Configuring Quality of Service RoutingConfiguring QoS 22.1.2Definitions 22.1.3Classification Types Create bundle AppTest Configuring QoSVlan Identifiers Create traffic classes Create traffic classes and assign classifications 22.1.5Bulk StatisticsCreate bundle VLANtest Screen Display for show qos bulkstatsconfig Command Configuring bulk statistics 124 Virtual LAN Tagging Managing Traffic with Vlan Tagging Reston configuration Black Box LR1104A # The POP router is 205.1.1.1/30 DC configuration Black Box LR1114A Managing Traffic with Vlan Tag 128 Trunk Group/Failover 24.1.1Configuration DetailsManaging Redundant Connections Configure the Black Box LR1114A for Failover Operation 25.1.1Module Configuration WAN Interface Configurations25.1 T1 Interface Configuration Bundle Configuration Blackbox/configure interface bundle demo2 Configure a Fractional T1 Hdlc BundleConfigure a T1 PPP Bundle Configure an N x T1 Mlppp Bundle Virtual LAN Forwarding Managing Vlan Traffic 134 Managing Vlan Traffic 26.1.1POP configuration Black Box LR1104A26.1.2Bldg1 configuration Black Box LR1114A 10 br Configure interface bundle uplinkConfigure Snmp 27.1Multilink Frame Relay FRF.15 and FRF.16 FeaturesMutlilink Frame Relay 27.1.1.4 # Configure CVC3 27.1.1.1 # Configure Ethernet interface27.1.1.2 # Configure CVC1 27.1.1.5 #Configure AVC Configuring Frame Relay Multilink Frame Relay Layer Two Configurations FR and MFR FR Configuration Configure the Hssi Bundle at Site Configure the Clear Channel Bundle on the LR1104A MFR ConfigurationLayer Two Configurations FR Configure the LR1104A LR1104A at Site 142 Copyright 2004. Black Box Corporation. All rights reserved