Wired Intelligent Edge (Campus Switching and Routing)


What conditions should be kept in mind when setting up a NAT pool in MAS?

Apr 09, 2015 07:39 AM

Environment : Tested with 7.4.0.0.

 

To protect the private IPs of trusted servers behind MAS, traffic should be allowed to be initiated from either side. As of Release 7.3.0.0, session ACLs are supported on user-roles only. With Release 7.4.0.0, session ACLs are supported on trusted ports as well.

 

  • Session ACL and stateless Ingress ACL cannot co-exist on an RVI.
  • The intended use of session ACLs with NAT pools is for trusted ports. If a session ACL is configured on an RVI with untrusted ports, the session ACL on the RVI takes precedence over user-role ACLs.
  • The “dynamic-srcnat” pool found on the controller is not supported on MAS.
  • The maximum number of user-defined NAT pools is 59.
  • NAT priority is:

           i) User-defined NAT via session ACLs
           ii) NAT inside

  • A NAT pool can be associated with the src-nat and dual-nat options.
  • A session ACL with a NAT pool is applied to the ingress RVI.
  • A session ACL with a destination NAT rule is applied to the egress RVI.
  • A TRAP rule is programmed in TCAM to trap packets requiring NAT action to software.
  • Case of 1:1 NAT mapping.
