• February 17, 2019, 03:40:45 AM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: Nat  (Read 4223 times)

0 Members and 1 Guest are viewing this topic.

Offline JJ

  • Jr. Member
  • **
  • Posts: 26
Nat
« on: July 14, 2013, 04:13:24 PM »
Hi Friends,
I want to nat my webserver in ARN router, please help to get the commands.

Thanks in advance


Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 3839
    • michaelfmcnamara
    • Michael McNamara
Re: Nat
« Reply #1 on: July 15, 2013, 09:06:06 PM »
That's an ancient platform... and while I believe BayRS included NAT functionality it wasn't very versatile if I recall.

I would suggest looking for a different piece of hardware. It will save you a lot of headaches.
We've been helping network engineers, system administrators and technology professionals since June 2009.
If you've found this site useful or helpful, please help me spread the word. Link to us in your blog or homepage - Thanks!

Offline TankII

  • Hero Member
  • *****
  • Posts: 550
Re: Nat
« Reply #2 on: July 16, 2013, 12:43:08 PM »
I agree with Michael.  Even if you are stuck with Frame Relay or FT-1, I would look at a current supported platform.
While the ARN is a decent box, assuming you upgraded the RAM to 16MB and the flash to 16MB and the OS to 15.5, you still need to be aware of the vulnerabilities presented by running such an old platform.

TankII

Offline JJ

  • Jr. Member
  • **
  • Posts: 26
Re: Nat
« Reply #3 on: July 16, 2013, 03:51:10 PM »
Thanks Michael and Tankll for your reply, but here i have that hardware used by our client and they want to configure nat.. its really headaches but have to find some solution for that.

Offline TankII

  • Hero Member
  • *****
  • Posts: 550
Re: Nat
« Reply #4 on: July 17, 2013, 03:09:36 PM »
From the 15.5 release notes:


NAT Guidelines
Follow these guidelines when configuring NAT:
Configuring NAT Dynamically
When you configure a local or global interface for NAT in dynamic mode, the
router returns an SNMP set error. However, this error does not affect the
configuration of the router.
ISP Mode Not Supported by NAT
NAT does not support the ISP mode feature. ISP mode is a BayRS global IP
parameter that allows you to enable the BGP soloist and disable IP forwarding
caches. By default, ISP mode is disabled in BayRS.
Release Notes for BayRS Version 15.5.0.0
308663-15.5.0.0 Rev 00 35
Configuring Bidirectional NAT
For multidomain NAT to work, in addition to configuring bidirectional NAT on
the router, you must:
1. Configure RIP2 on the NAT router interfaces and on each router with
which the NAT router will be exchanging routing updates. Otherwise,
you must configure static routes or a combination of RIP2 and static
routes.
2. Install Domain Name System (DNS) server on a machine that is running
UNIX or Windows NT and that has access to the NAT router. DNS server
software is available from third-party suppliers and may be included
with your operating system software.
3. Configure BayRS DNS proxy on each interface of a NAT router to be
used for dynamic bidirectional translation. You do not need to configure
DNS proxy for a static bidirectional network address translation.
4. Configure BayRS DNS client on each device that will be initiating traffic
in the domains of your multidomain NAT configuration.
Protocols/Configurations Not Supported by Bidirectional NAT
OSPF
BGP
IPsec on the same interfaces configured for bidirectional NAT
BayRS ECMP

Offline TankII

  • Hero Member
  • *****
  • Posts: 550
Re: Nat
« Reply #5 on: July 17, 2013, 03:10:51 PM »
NAT Services
The following limitations and cautions exist for NAT services in BayRS:
NAT does not operate in IP ISP Mode. To avoid this problem you should
disable the global IP ISP mode parameter.
NAT and IPsec cannot interoperate with overlapping source IP address ranges,
because NAT takes precedence. IPsec cannot process a source address that is
also in a NAT address range. However, the following workarounds are
available:
For UNIX systems, you can separate IP hosts on the networks into two
groups: a NAT-only group and an IPsec-only group. You can then use the
multinetted interfaces or two network interface cards on a host to establish
these two logical groups on one physical host.
You can also configure NAT and IPsec on different devices so that one BayRS
router runs IPsec and another BayRS router runs NAT.
If you are using BayRS version 14.20 or later, you must use version 14.20 or
later of the nat.bat script file.
NAT cannot handle more than 600 dynamic translations at an inter-packet rate
of less than 10 milliseconds. For inter-packet rates of 10 milliseconds or
greater, NAT successfully handles 1500 dynamic translations per slot. These
performance thresholds pertain to the BN, BLN, and Passport 5430 routers
with 64 MB processor cards installed.
If you are using NAT and FireWall-1 on the same router, the FTP application
does not work correctly using port 20.
Release Notes for BayRS Version 15.5.0.0
52 308663-15.5.0.0 Rev 00
When disabled, the NAT Install Private Address feature does not block
advertisement of private addresses within a unidirectional NAT environment.
This feature is set using Site Manager (Install Private Address) or the BCC
(visible-private-address). In order to prevent a NAT private address from
being advertised into the NAT public domain, a RIP announce policy filter or
an OSPF announce policy filter must be configured (depending on which
routing protocol is used).
The following two sections describe how to configure RIP and OSPF
announce policy filters for unidirectional NAT:
Configuring a RIP Announce Policy Filter for Unidirectional NAT
Configure a RIP announce policy filter to ignore the networks in the private
domain. Using Site Manager (or the BCC), create a RIP announce policy and
set the Action parameter to Ignore. You should then specify matching criteria
for the RIP announce policy by entering the NAT private networks in the
Networks list and entering the IP address of the NAT public interface in the
Outbound Interfaces list.
For additional information on configuring RIP announce policies, see
Configuring IP, ARP, RARP, RIP, and OSPF Services.
Configuring an OSPF Announce Policy Filter for Unidirectional NAT
Do not configure OSPF on the NAT private interface(s). Otherwise, you will
not be able to prevent the advertisement of private networks into the OSPF
domain because these routes will be considered OSPF internal routes. OSPF
announce policy filters apply only to OSPF external routes.
For NAT to work with OSPF, the NAT router must be configured as an OSPF
ASBR (Autonomous System Border Router). As an OSPF ASBR, the NAT
private networks are injected into the OSPF domain as OSPF external routes.
To prevent this, an OSPF announce policy filter must be configured on the
NAT router. Using Site Manager (or the BCC), create an OSPF announce
policy and set the Action parameter to Ignore. You should then specify
matching criteria for the OSPF announce policy by entering the NAT private
networks in the Networks list.
For additional information on configuring OSPF announce policies, see
Configuring IP, ARP, RARP, RIP, and OSPF Services.

Offline TankII

  • Hero Member
  • *****
  • Posts: 550
Re: Nat
« Reply #6 on: July 17, 2013, 03:13:46 PM »
Lookign around for
Configuring GRE, NAT, RIPSO, and BFE Services (Bay Networks partnumber 308625-14.00 Rev 00)

Offline TankII

  • Hero Member
  • *****
  • Posts: 550
Re: Nat
« Reply #7 on: July 17, 2013, 03:22:56 PM »