VPN-Interface-Natpool
You can use the VPN-Interface-Natpool template for all vEdge routers.
To configure NAT pool interfaces in a VPN using vManage templates:
- Create a VPN-Interface-Natpool feature template to configure Ethernet interface parameters, as described in this article.
- Create a VPN feature template to configure parameters for a service-side VPN. See the Configuration ► Templates ► VPN help topic.
- Optionally, create a data policy to direct data traffic to a service-side NAT.
- Create a device template that incorporates the VPN-Interface-Natpool and VPN feature templates. See the Configuration ► Templates help topic.
Navigate to the Template Screen
- In vManage NMS, select the Configuration ► Templates screen.
- From the Templates title bar, select Feature.
- Click Add Template.
- In the left pane, select one or more devices. The right pane displays the available templates for the selected devices.
- Select the VPN-Interface-Natpool template.
The right pane displays the VPN-Interface-Natpool template form.
- The top of the form contains fields for naming the template.
- The bottom contains fields for defining parameters applicable to that template.
- A drop-down menu to the left of each parameter field defines the scope of the parameter. When you first open a feature template form, for each parameter that has a default value, the scope is set to Default. To edit a parameter field, change the scope to Global or Device Specific. Note that if a parameter's scope is Device Specific, you cannot enter a value for it in the feature template. Instead, you enter a value when you attach the template to a device.
- A plus sign (+) is displayed to the right when you can add multiple entries for the same parameter.
Minimum Interface Configuration
The following parameters are required (unless otherwise indicated) to configure a NAT pool interface on a vEdge router:
Step | Parameter Field | Procedure |
---|---|---|
1. | Template Name | Enter a name for the template. It can be up to 128 characters and can contain only alphanumeric characters. |
2. | Description (Template) | Enter a description for the template. It can be up to 2048 characters and can contain only alphanumeric characters. |
3. | Shutdown | Click No to enable the interface. |
4. | Interface name | Enter a number for the NAT pool interface. Range: |
5. | Description (optional) | Enter a description for the interface. |
6. | IPv4 address | Enter the IPv4 address of the interface. The address length determines the number of addresses that the router can NAT at the same time. A vEdge router can NAT a maximum of 250 IP addresses. |
7. | Refresh mode (optional) | Select how NAT mappings are refreshed: |
8. | UDP timeout (optional) | Enter the time when NAT translations over UDP sessions time out. Range: 1 through 65536 minutes. Default: 1 minute. |
9. | TCP timeout (optional) | Enter the time when NAT translations over TCP sessions time out. Range: 1 through 65536 minutes. Default: 60 minutes (1 hour). |
10. | Direction (optional) | Select the direction in which the NAT interface performs address translation: • outside—Translate the source IP address of packets that are coming to the vEdge router from the transport side of the vEdge router and that are destined to a service-side device. |
11. | Overload (optional) | Click No to disable dynamic NAT. By default, dynamic NAT is enabled. |
12. | Save | Click Save to save the feature template. |
CLI equivalent:
vpn vpn-id
  interface natpoolnumber
    ip address prefix/length
    nat
      direction (inside | outside)
      [no] overload
      refresh (bi-directional | outbound)
      static source-ip ip-address1 translate-ip ip-address2 (inside | outside)
      tcp-timeout minutes
      udp-timeout minutes
    [no] shutdown
Configure Port-Forwarding Rules
To create port-forwarding rules to allow requests from an external network to reach devices on the internal network, select the Port Forward tab, and click the plus sign (+) to add a port-forwarding rule. You can create up to 128 rules.
Parameter Name | Description |
---|---|
Port Start Range | Enter the starting port number. This number must be less than or equal to the ending port number. |
Port End Range | Enter the ending port number. To apply port forwarding to a single port, specify the same port number for the starting and ending numbers. When applying port forwarding to a range of ports, the range includes the two port numbers that you specify. |
Protocol | Select the protocol to apply the port-forwarding rule to. It can be TCP or UDP. To match the same ports for both TCP and UDP traffic, configure two rules. |
VPN | Private VPN in which the internal server resides. Range: 0 through 65535 |
Private IP | If the vEdge router has multiple TLOCs, click No to have the tunnel not establish a TLOC. The default is On, which establishes a control connection for the TLOC. |
CLI equivalent:
vpn vpn-id
  interface natpoolnumber
    nat
      port-forward port-start port-number1 port-end port-number2 proto (tcp | udp) private-ip-address ip address private-vpn vpn-id
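
Each port-forwarding rule exposes an internal service to the external network, so it is worth reviewing a rule set before attaching the template. The following is an added example, not Cisco code: it checks a list of rules against the limits stated above (128 rules, start port no greater than end port, TCP or UDP, VPN 0 through 65535). The `Rule` record, the `audit` function, the `wide_range` threshold and the overlap check are assumptions made for illustration, and the sample rules are constructed.

```python
from dataclasses import dataclass

MAX_RULES = 128   # from the page: up to 128 port-forwarding rules
MAX_VPN = 65535   # from the page: VPN range 0 through 65535
MAX_PORT = 65535  # TCP and UDP port numbers are 16-bit

@dataclass(frozen=True)
class Rule:  # hypothetical record; fields mirror the CLI keywords
    port_start: int
    port_end: int
    proto: str
    private_ip: str
    private_vpn: int

def audit(rules, wide_range=100):
    """Return (rule_index, finding) pairs; wide_range is an assumed review threshold."""
    findings, valid = [], []
    if len(rules) > MAX_RULES:
        findings.append((None, f"{len(rules)} rules exceeds the limit of {MAX_RULES}"))
    for i, r in enumerate(rules):
        problems = []
        if not (0 <= r.port_start <= MAX_PORT and 0 <= r.port_end <= MAX_PORT):
            problems.append("port outside 0-65535")
        elif r.port_start > r.port_end:
            problems.append("port-start is greater than port-end")
        if r.proto not in ("tcp", "udp"):
            problems.append("proto must be tcp or udp")
        if not 0 <= r.private_vpn <= MAX_VPN:
            problems.append("private-vpn outside 0-65535")
        if problems:
            findings += [(i, p) for p in problems]
            continue
        width = r.port_end - r.port_start + 1  # range is inclusive of both ends
        if width > wide_range:
            findings.append((i, f"exposes {width} ports"))
        for j, o in valid:  # same protocol and intersecting port ranges
            if o.proto == r.proto and r.port_start <= o.port_end and o.port_start <= r.port_end:
                findings.append((i, f"overlaps rule {j} on {r.proto}"))
        valid.append((i, r))
    return findings

RULES = [  # constructed sample rules, not from a real device
    Rule(443, 443, "tcp", "10.1.1.10", 1),
    Rule(8000, 8100, "tcp", "10.1.1.20", 1),
    Rule(8080, 8080, "tcp", "10.1.1.30", 1),
    Rule(443, 443, "udp", "10.1.1.40", 1),
    Rule(2000, 1000, "tcp", "10.1.1.50", 1),
    Rule(22, 22, "icmp", "10.1.1.60", 70000),
]
```

Calling `audit(RULES)` reports the wide range, the TCP overlap and the three invalid fields; the UDP rule on port 443 is not flagged against the TCP rule on the same port because rules are per protocol.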
Configure Static NAT
To configure static NATing of service-side source IP addresses, select the Static NAT tab, click On, and click the plus sign (+) to add a static NAT mapping:
Parameter Name | Description |
---|---|
Source IP | Enter the private source IP address to be NATed. |
Translate IP | Enter the public IP address to map the private source address to. |
Direction | Select the direction in which to perform network address translation: • inside—Translate the IP address of packets that are coming from the service side of the vEdge router and that are destined to the transport side of the router. • outside—Translate the IP address of packets that are coming to the vEdge router from the transport side of the vEdge router and that are destined to a service-side device. |
CLI equivalent:
vpn vpn-id
  interface natpoolnumber
    ip address prefix/length
    no shutdown
    nat
      direction (inside | outside)
      no overload
      static source-ip ip-address1 translate-ip ip-address2 (inside | outside)
Release Information
Introduced in vManage NMS Release 16.3.