Stateless static ip nat, Enabling ip nat, Enabling ip nat per-interface – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

Page 80

Advertising
background image

68

Brocade Virtual ADX Security Guide

53-1003250-01

Stateless static IP NAT

4

The icmp-timeout keyword indicates timeout for NAT ICMP flows.

The syn-timeout keyword indicates timeout for NAT TCP flows after a SYN.

The tcp-timeout keyword indicates dynamic entries that use PAT based on TCP port numbers. The
default is 120 seconds. This timer applies only to TCP sessions that do not end “gracefully”, with a
TCP FIN or TCP RST.

The udp-timeout keyword indicates dynamic entries that use PAT based on UDP port numbers. The
default is 120 seconds.

The secs parameter specifies number of seconds, 0– 3600. Use maximum to set the maximum
timeout value, for example, 3,600 seconds.

The max-entries number-of-entries parameter specifies the maximum number of NAT entries.

Stateless static IP NAT

A Brocade Virtual ADX creates sessions for Static NAT by default. You can prevent a Brocade Virtual
ADX from creating sessions for static NAT traffic with the following command.

Virtual ADX(config)# ip nat stateless

Syntax: [no] ip nat stateless

For the ip nat stateless command to work, the existing command, the ip nat inside source static
command must already be configured.

Example

ip nat inside source static 10.45.16.103 10.45.16.10

NOTE

FTP, RTSP and other similar complex protocols are not supported. The traffic applicable for IP NAT
Stateless are TCP, UDP, and ICMP.

NOTE

You must reload a Brocade Virtual ADX whenever changes are made to a running IP NAT
configuration.

Enabling IP NAT

On a Brocade Virtual ADX, NAT is enabled on a per-interface basis.

NOTE

Brocade Virtual ADX does not support IP NAT inside and outside on the same physical interface.

Enabling IP NAT per-interface

When enabled per-interface, IP NAT must be enabled exclusively “inside” or “outside” on a physical
or virtual interface as shown in the following example.

Virtual ADX(config)#interface ethernet 1

Virtual ADX(config-if-e10000-1)#ip nat inside

Advertising
Popular Brands
Popular manuals