Stateless static ip nat, Redundancy – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

Page 119

Advertising
background image

ServerIron ADX Security Guide

105

53-1002440-03

Stateless static IP NAT

4

The finrst-timeout keyword identifies TCP FIN (finish) and RST (reset) packets, which normally
terminate TCP connections. The default is 120 seconds. This timer is not related to tcp-timeout,
which applies to packets to or from a host address that is mapped to an global IP address and a
TCP port number (PAT feature). The finrst-timeout applies to packets that terminate a TCP session,
regardless of the host address or whether PAT is used.

The icmp-timeout keyword indicates timeout for NAT ICMP flows

The syn-timeout keyword indicates timeout for NAT TCP flows after a SYN

The tcp-timeout keyword indicates dynamic entries that use PAT based on TCP port numbers. The
default is 120 seconds. This timer applies only to TCP sessions that do not end “gracefully”, with a
TCP FIN or TCP RST.

The udp-timeout keyword indicates dynamic entries that use PAT based on UDP port numbers. The
default is 120 seconds.

The <secs> parameter specifies number of seconds, 0– 3600. Use maximum to set the maximum
timeout value. For example, 3,600 seconds.

The max-entries <number-of-entries> parameter specifies the maximum number of NAT entries

Stateless static IP NAT

A ServerIron ADX creates sessions for Static NAT by default. You can prevent a ServerIron ADX from
creating sessions for static NAT traffic with the following command.

ServerIronADX(config)# [no] ip nat stateless

Syntax: ip nat stateless

For “ip nat stateless“ to work, the existing command, “ip nat inside source static” must already be
configured.

Example

ip nat inside source static 10.45.16.103 10.45.16.10

NOTE

FTP, RTSP and other similar complex protocols are not supported. The traffic applicable for IP NAT
Stateless are TCP, UDP, and ICMP.

NOTE

You must reload a ServerIron ADX whenever changes are made to a running IP NAT configuration.

Redundancy

The IP NAT Redundancy feature implements a separate protocol to negotiate IP address ownership
of NAT IP addresses.

Advertising
Popular Brands
Popular manuals