Controller Based WLANs


APs, Controllers, VIA

Do we support dual-nat, and is there a way to dual-nat to an external host without the "ip nat inside" option on the controller?

Apr 09, 2015 07:35 AM

Environment: Any typical environment that uses both src-nat and dst-nat functionality

 

Yes. Dual-nat performs both source and destination NAT on packets matching the rule.
Packets are forwarded from the source network to the destination and re-marked with the destination IP of the target network. This action functions in tunnel/decrypt-tunnel forwarding mode. The user should configure the NAT pool on the controller.
 
When using "dual-nat", only the source NAT pool can be specified in the rule. Is there still a way to dual-nat to an external host without the "ip nat inside" option?
 
(Test-Lab) (config-sess-guest-web)#user any tcp 80 dual-nat pool test-pool ?
<0-65535>               Destination NAT port number
blacklist               Blacklist user if ACL gets applied
disable-scanning        Pause ARM scanning while traffic is present
dot1p-priority          Assign 802.1p priority
log                     Log if ACL gets applied
mirror                  Mirror all session packets to datapath or remote
                        destination
position                Filter position. Default is last. 1 is first.
queue                   Assign queue priority of the flow
time-range              Configure time range
tos                     Set TOS in ip header
<cr>
 
Yes. When using "dst-nat", the rule itself offers an option to specify the destination IP:
 
(Test-Lab) (config-sess-guest-web)#user any tcp 80 dst-nat ?
<0-65535>               Destination NAT port number
blacklist               Blacklist user if ACL gets applied
disable-scanning        Pause ARM scanning while traffic is present
dot1p-priority          Assign 802.1p priority
ip                      Destination NAT IP address
log                     Log if ACL gets applied
mirror                  Mirror all session packets to datapath or remote
                        destination
position                Filter position. Default is last. 1 is first.
queue                   Assign queue priority of the flow
time-range              Configure time range
tos                     Set TOS in ip header
<cr>
 
For dual-nat operation, the destination IP is instead defined in the NAT pool:
 
ip NAT pool <pool-name> <start-of-src-pool> <end-of-src-pool> <dst-nat-ip>
 
For example:
 
(Test-Lab) #conf term
(Test-Lab) (config) #ip NAT pool arubatest 10.1.1.2 10.1.1.2 172.16.1.1
 
(Test-Lab) #show ip nat pool
 
NAT Pools
---------
Name          Start IP         End IP           DNAT IP
----          --------         ------           -------
Arubatest    10.1.1.2         10.1.1.2          172.16.1.1
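
To make the effect of the pool concrete, the following added example (not part of the original article and not Aruba code) models in Python what a dual-nat rule does to a matching flow, using the pool definition syntax shown above. The client and server addresses are constructed; using the first pool address as the new source, keeping the source port, and accepting a pool without a DNAT IP as source-only are assumptions of this model, not documented controller behavior.

```python
import ipaddress
from typing import NamedTuple, Optional


class NatPool(NamedTuple):
    name: str
    start: ipaddress.IPv4Address
    end: ipaddress.IPv4Address
    dnat_ip: Optional[ipaddress.IPv4Address]


class Flow(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def parse_pool(line: str) -> NatPool:
    """Parse 'ip NAT pool <name> <start> <end> <dst-nat-ip>'."""
    tok = line.split()
    # Assumption: a definition without <dst-nat-ip> is a source-only pool.
    if len(tok) not in (6, 7) or [t.lower() for t in tok[:3]] != ["ip", "nat", "pool"]:
        raise ValueError(f"not a NAT pool definition: {line!r}")
    start, end = ipaddress.IPv4Address(tok[4]), ipaddress.IPv4Address(tok[5])
    if start > end:
        raise ValueError("pool start address is above pool end address")
    dnat = ipaddress.IPv4Address(tok[6]) if len(tok) == 7 else None
    return NatPool(tok[3], start, end, dnat)


def dual_nat(flow: Flow, pool: NatPool, dnat_port: Optional[int] = None) -> Flow:
    """Rewrite source and destination of a flow that matched a dual-nat rule."""
    if pool.dnat_ip is None:
        # Without a DNAT IP the pool only describes the source side.
        raise ValueError(f"pool {pool.name!r} has no DNAT IP for dual-nat")
    # Assumption: first pool address becomes the source, source port is kept.
    new_dst_port = flow.dst_port if dnat_port is None else dnat_port
    return Flow(str(pool.start), flow.src_port, str(pool.dnat_ip), new_dst_port)


if __name__ == "__main__":
    pool = parse_pool("ip NAT pool arubatest 10.1.1.2 10.1.1.2 172.16.1.1")
    # Constructed flow: a guest client browsing to an arbitrary web server.
    before = Flow("192.168.10.50", 51000, "203.0.113.10", 80)
    print(before, "->", dual_nat(before, pool))
```

The optional `dnat_port` argument corresponds to the "Destination NAT port number" offered by the CLI help after the pool name.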
