Configuring Service Side NAT

Posted on Jan 27, 2020

In Cisco Viptela, both dynamic NAT and static NAT can be configured in a service VPN of a vEdge router. To configure service-side NAT, follow these steps:

  • Configure or Create NAT Pool Interface
  • Configure or Create Data Policy to direct data traffic to service side NAT
  • Configure Dynamic or Static NAT

Let’s see the above steps one by one.

Create a NAT Pool interface:

The NAT pool interface on the router NATs any data traffic that is directed to it and then sends the traffic toward its destination.

In the required VPN, create the NAT pool interface:

vEdge(config-vpn)# interface natpoolnumber { number from 1 to 31 }

Configure the NAT pool interface's IP address:

vEdge(config-natpool)# ip address prefix/length

The prefix length of the IP address determines the number of addresses the router can NAT at one time. A maximum of 250 IP addresses can be configured for each NAT pool interface.

Enable the interface:

vEdge(config-natpool)# no shutdown

Configure or Create Data Policy to direct data traffic to service side NAT

To direct traffic from the service VPN to NAT, configure a centralized data policy on the vSmart controller. Traffic that matches the policy is diverted to NAT.

Configure the lists required for the data policy: the VPN list, the site list, and the data prefix list used for matching.

vSmart(config-policy-lists)# vpn-list list-name
vSmart(config-policy-vpn-list)# vpn vpn-id
vSmart(config-policy-lists)# site-list list-name
vSmart(config-policy-site-list)# site-id site-id
vSmart(config-policy-lists)# data-prefix-list list-name
vSmart(config-policy-data-prefix-list)# ip-prefix prefix/length

Configure a data policy:

vSmart(config-policy)# data-policy policy-name
vSmart(config-data-policy)# vpn-list list-name
vSmart(config-vpn-list)# sequence number

Configure the desired match conditions:

vSmart(config-sequence)# match condition

In the action, associate matching data traffic with the desired NAT pool:

vSmart(config-sequence)# action accept
vSmart(config-sequence)# nat pool number

Configure the desired default action for the data policy:

vSmart(config-vpn-list)# default-action (accept | reject)

Apply the policy to the desired sites in the overlay network:

vSmart(config)# apply-policy site-list list-name data-policy policy-name from-service

Configure Dynamic NAT:

By default, a router that is configured to act as a NAT device performs dynamic NAT, and it can perform dynamic NAT for up to 250 IP addresses across NAT pools.

vEdge(config-vpn)# interface natpoolnumber
vEdge(config-natpool)# ip address prefix/length
vEdge(config-natpool)# no shutdown
vEdge(config-natpool)# nat
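
The three steps above assembled into one configuration, as an added example that is not part of the original post. VPN 1, natpool1, the 192.0.2.0/28 pool, site ID 100, the 10.1.0.0/16 prefix, and all list and policy names are constructed values, and `source-data-prefix-list` is assumed as the match condition.

```text
! Constructed sample values throughout; "!" lines with text are annotations.
!
! --- vEdge router: NAT pool interface in the service VPN ---
vpn 1
 interface natpool1
  ip address 192.0.2.0/28
  nat
  no shutdown
 !
!
! --- vSmart controller: lists used by the data policy ---
policy
 lists
  vpn-list SERVICE-VPN
   vpn 1
  !
  site-list NAT-SITES
   site-id 100
  !
  data-prefix-list NAT-SOURCES
   ip-prefix 10.1.0.0/16
  !
 !
 ! --- vSmart controller: data policy that diverts matches to natpool1 ---
 data-policy SERVICE-SIDE-NAT
  vpn-list SERVICE-VPN
   sequence 10
    match
     source-data-prefix-list NAT-SOURCES
    !
    ! "nat pool 1" must use the same number as interface natpool1
    action accept
     nat pool 1
    !
   !
   ! Traffic matching no sequence is accepted without being sent to the pool
   default-action accept
  !
 !
!
! --- vSmart controller: apply to traffic arriving from the service side ---
apply-policy
 site-list NAT-SITES
  data-policy SERVICE-SIDE-NAT from-service
 !
!
```

Keeping the data prefix list as narrow as the hosts that actually need translation limits which service-side sources can reach destinations through the pool addresses.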

