Avaya Configuring BFE Services Bedienungsanleitung

BayRS Version 14.20Part No. 308625-14.20 Rev 00October 2000600 Technology Park DriveBillerica, MA 01821-4130Configuring GRE, NAT, RIPSO, and BFE Serv

x308625-14.20 Rev 00Configuring Sample Bidirectional NAT Using the BCC ... B-3Information Used in Bid

Configuring GRE, NAT, RIPSO, and BFE Services2-52308625-14.20 Rev 00Step 4. Configure a NAT router interface to a device in each domain that will use

Configuring Network Address Translation308625-14.20 Rev 002-53For example, the following command sets the name-server parameter to IP address 192.32.7

Configuring GRE, NAT, RIPSO, and BFE Services2-54308625-14.20 Rev 00Here is a look at what has been configured for DNS proxy, accepting default values

Configuring Network Address Translation308625-14.20 Rev 002-55unnumbered-circuit-name {}use-translation-pool outboundThe type parameter is a read-only

Configuring GRE, NAT, RIPSO, and BFE Services2-56308625-14.20 Rev 00Using Site ManagerTo use Site Manager to configure a dynamic bidirectional network

Configuring Network Address Translation308625-14.20 Rev 002-57Install DNS server on a device that has a public address connection to the router that w

Configuring GRE, NAT, RIPSO, and BFE Services2-58308625-14.20 Rev 00Step 4. Configure RIP2 on the router IP interfaces and on each device that will us

Configuring Network Address Translation308625-14.20 Rev 002-59Steps 5, 6, 7: Configure NAT on an interface, specify a domain name, and identify a DNS

Configuring GRE, NAT, RIPSO, and BFE Services2-60308625-14.20 Rev 00* If, for some reason, you decide not to configure DNS proxy at this point, see th

Configuring Network Address Translation308625-14.20 Rev 002-61To configure a source address filter, complete the following tasks:Step 9. Configuring a

308625-14.20 Rev 00 xiFiguresFigure 1-1. Simple GRE Tunnel Components ...1-3Figure 1-2. GRE

Configuring GRE, NAT, RIPSO, and BFE Services2-62308625-14.20 Rev 00To configure a translation pool, complete the following tasks:Site Manager Procedu

Configuring Network Address Translation308625-14.20 Rev 002-63Step 10. Configure DNS client on each device in the domains that will initiate address t

Configuring GRE, NAT, RIPSO, and BFE Services2-64308625-14.20 Rev 00Where to Go NextThe instructions in “Starting NAT Services and Configuring Transla

Configuring Network Address Translation308625-14.20 Rev 002-65Customizing NAT Global ParametersTo customize the way NAT operates on a router, modify N

Configuring GRE, NAT, RIPSO, and BFE Services2-66308625-14.20 Rev 00Enabling and Disabling NAT on the RouterWhen you first configure any router interf

Configuring Network Address Translation308625-14.20 Rev 002-67Configuring the Soloist Slot MaskBy default, the router uses any available slot for the

Configuring GRE, NAT, RIPSO, and BFE Services2-68308625-14.20 Rev 00Using Site ManagerTo specify the slots on which NAT can run as a soloist, complete

Configuring Network Address Translation308625-14.20 Rev 002-69Logging NAT MessagesBy default, BayRS does not log NAT messages. You can enable the logg

Configuring GRE, NAT, RIPSO, and BFE Services2-70308625-14.20 Rev 00Using Site ManagerTo specify the types of log messages that are reported by NAT so

Configuring Network Address Translation308625-14.20 Rev 002-71Enabling and Disabling the Dynamic Mapping Aging TimerBy default, the router deletes exp

Configuring GRE, NAT, RIPSO, and BFE Services2-72308625-14.20 Rev 00Configuring the Dynamic Mapping Timeout ValueA NAT dynamic mapping (translation en

Configuring Network Address Translation308625-14.20 Rev 002-73Using the BCCTo configure the timeout period for a dynamic translation entry, navigate t

Configuring GRE, NAT, RIPSO, and BFE Services2-74308625-14.20 Rev 00Customizing a NAT InterfaceThis section includes the following topics:Adding NAT t

Configuring Network Address Translation308625-14.20 Rev 002-75Using Site ManagerTo add NAT to a router IP interface, complete the following tasks:Site

Configuring GRE, NAT, RIPSO, and BFE Services2-76308625-14.20 Rev 008. Click on Yes or click on No:• If you click on Yes, specify an address for DNS S

Configuring Network Address Translation308625-14.20 Rev 002-77Disabling and Reenabling NAT on an InterfaceWhen you add NAT to a router interface, NAT

Configuring GRE, NAT, RIPSO, and BFE Services2-78308625-14.20 Rev 00Using Site ManagerTo disable or reenable NAT on an interface, complete the followi

Configuring Network Address Translation308625-14.20 Rev 002-79Deleting NAT from an InterfaceWhen you delete NAT from the last NAT-configured interface

Configuring GRE, NAT, RIPSO, and BFE Services2-80308625-14.20 Rev 00Configuring NAT Static Address TranslationStatic address mapping entries must be u

Configuring Network Address Translation308625-14.20 Rev 002-81Adding a Static Unidirectional Address MappingTo add a static unidirectional mapping, yo

308625-14.20 Rev 00xiiiTablesTable 2-1. Comparing NAT Types SDPT and N-to-1 ...2-5Table 2-2. Sample Conf

Configuring GRE, NAT, RIPSO, and BFE Services2-82308625-14.20 Rev 00Optionally, you can specify either a static next hop or an unnumbered circuit name

Configuring Network Address Translation308625-14.20 Rev 002-83out-domain-name publicstate enabledtranslated-address 199.1.42.200unnumbered-circuit-nam

Configuring GRE, NAT, RIPSO, and BFE Services2-84308625-14.20 Rev 00Adding a Static Bidirectional Address MappingFor static bidirectional NAT, you mus

Configuring Network Address Translation308625-14.20 Rev 002-85Similar to static unidirectional mapping, you are mapping a single address to another si

Configuring GRE, NAT, RIPSO, and BFE Services2-86308625-14.20 Rev 00Using the BCCTo add a bidirectional static address mapping on the NAT router, navi

Configuring Network Address Translation308625-14.20 Rev 002-87Examples of Configuring Static Bidirectional NAT to Work with or Independent of DNS Prox

Configuring GRE, NAT, RIPSO, and BFE Services2-88308625-14.20 Rev 004. Choose Static Mapping. The NAT Static Translation List window opens.5. Click on

Configuring Network Address Translation308625-14.20 Rev 002-89Adding an SDPT Address and Port MappingTo configure NAT SDPT you statically map the addr

Configuring GRE, NAT, RIPSO, and BFE Services2-90308625-14.20 Rev 00translated_address is the public address that you want to map to the original addr

Configuring Network Address Translation308625-14.20 Rev 002-91ip/192.1.2.3/255.0.0.0# nat domain-name publicnat/192.1.2.3#Using Site ManagerBefore you

Configuring GRE, NAT, RIPSO, and BFE Services2-92308625-14.20 Rev 00Disabling and Reenabling a Static Address MappingWhen you add a NAT static address

Configuring Network Address Translation308625-14.20 Rev 002-93Using Site ManagerTo disable or reenable a static address mapping, complete the followin

Configuring GRE, NAT, RIPSO, and BFE Services2-94308625-14.20 Rev 00Using Site ManagerTo delete a static address mapping, complete the following tasks

Configuring Network Address Translation308625-14.20 Rev 002-95Configuring NAT Dynamic Address TranslationFor dynamic NAT to work, you must do the foll

Configuring GRE, NAT, RIPSO, and BFE Services2-96308625-14.20 Rev 005. Configure a range of addresses as a translation pool. Instructions follow. Dyna

Configuring Network Address Translation308625-14.20 Rev 002-97Adding a Source Address FilterA source address filter is a range of addresses within a d

Configuring GRE, NAT, RIPSO, and BFE Services2-98308625-14.20 Rev 00IP Address and Prefix Length ParameterTo identify an address range for a source ad

Configuring Network Address Translation308625-14.20 Rev 002-99Use the BCC parameter use-translation-pool or the Site Manager parameter Translation Poo

Configuring GRE, NAT, RIPSO, and BFE Services2-100308625-14.20 Rev 00Using the BCCTo configure a source address filter, navigate to the domain name pr

Configuring Network Address Translation308625-14.20 Rev 002-101Examples of specifying a translation pool for a source address filterIf you configure a

308625-14.20 Rev 00xv PrefaceThis guide describes the following services and what you do to start and customize them on a Nortel Networks™ router:• Ge

Configuring GRE, NAT, RIPSO, and BFE Services2-102308625-14.20 Rev 00Using Site ManagerTo configure a source address filter, complete the following ta

Configuring Network Address Translation308625-14.20 Rev 002-103Disabling and Reenabling a Source Address FilterWhen you add a source address filter, i

Configuring GRE, NAT, RIPSO, and BFE Services2-104308625-14.20 Rev 00Using Site ManagerTo disable or reenable a source address filter, complete the fo

Configuring Network Address Translation308625-14.20 Rev 002-105Deleting a Source Address FilterUse the BCC or Site Manager to delete a source address

Configuring GRE, NAT, RIPSO, and BFE Services2-106308625-14.20 Rev 00Adding a Translation PoolA translation pool is a range of IP addresses that you s

Configuring Network Address Translation308625-14.20 Rev 002-107Using the BCCTo configure a translation pool, navigate to the domain name prompt (for e

Configuring GRE, NAT, RIPSO, and BFE Services2-108308625-14.20 Rev 007. Set the following parameters:• IP Address• Prefix Length• Domain NameClick on

Configuring Network Address Translation308625-14.20 Rev 002-109Disabling and Reenabling a Translation PoolWhen you create a translation pool, it is en

Configuring GRE, NAT, RIPSO, and BFE Services2-110308625-14.20 Rev 00Using Site ManagerTo disable or reenable a translation pool, complete the followi

Configuring Network Address Translation308625-14.20 Rev 002-111Deleting a Translation PoolUse the BCC or Site Manager to delete a translation pool.Usi

Configuring GRE, NAT, RIPSO, and BFE Servicesxvi308625-14.20 Rev 00Text ConventionsThis guide uses the following text conventions:angle brackets (<

Configuring GRE, NAT, RIPSO, and BFE Services2-112308625-14.20 Rev 006. Select the translation pool that you want to delete from the list in the upper

Configuring Network Address Translation308625-14.20 Rev 002-113Configuring NAT N-to-1 TranslationNAT N-to-1 translation allows you to configure a rang

Configuring GRE, NAT, RIPSO, and BFE Services2-114308625-14.20 Rev 00For example, the following command sequence configures the IP address 199.1.42.10

308625-14.20 Rev 003-1 Chapter 3Configuring RIPSO on an IP InterfaceThis chapter describes RIPSO and provides instructions for configuring RIPSO on an

Configuring GRE, NAT, RIPSO, and BFE Services3-2308625-14.20 Rev 00RIPSO Concepts and TerminologyIP routers support the Department of Defense (DoD) Re

Configuring RIPSO on an IP Interface308625-14.20 Rev 003-3 You also specify whether the router creates the following types of labels:• An implicit lab

Configuring GRE, NAT, RIPSO, and BFE Services3-4308625-14.20 Rev 00• Octet 4 and beyond identify the protection authorities under whose rules the data

Configuring RIPSO on an IP Interface308625-14.20 Rev 003-5 • The authority flags in the datagram’s label must include all flags required for the inter

Configuring GRE, NAT, RIPSO, and BFE Services3-6308625-14.20 Rev 00• If the inbound interface does not have an implicit label configured, the router l

Configuring RIPSO on an IP Interface308625-14.20 Rev 003-7 Specifying the IP Datagram Type for Stripping Security OptionsUse Site Manager to choose th

Preface308625-14.20 Rev 00xvii AcronymsThis guide uses the following acronyms::screen text Indicates system output, for example, prompts and system me

Configuring GRE, NAT, RIPSO, and BFE Services3-8308625-14.20 Rev 00Specifying the Outbound Datagram Type Requiring Security LabelsUse Site Manager to

Configuring RIPSO on an IP Interface308625-14.20 Rev 003-9 Specifying the Inbound Datagram Type Requiring Security LabelsUse Site Manager to specify t

Configuring GRE, NAT, RIPSO, and BFE Services3-10308625-14.20 Rev 00Setting the Security Level for IP DatagramsUse Site Manager to specify the minimum

Configuring RIPSO on an IP Interface308625-14.20 Rev 003-11 Choosing Authority Flags in Outbound DatagramsUse Site Manager to specify which authority

Configuring GRE, NAT, RIPSO, and BFE Services3-12308625-14.20 Rev 00Choosing Authority Flags in Inbound DatagramsUse Site Manager to specify which aut

Configuring RIPSO on an IP Interface308625-14.20 Rev 003-13 Supplying Implicit Labels for Unlabeled Inbound DatagramsUse Site Manager to specify wheth

Configuring GRE, NAT, RIPSO, and BFE Services3-14308625-14.20 Rev 00Enabling and Disabling Default Labels for Unlabeled Outbound DatagramsUse Site Man

Configuring RIPSO on an IP Interface308625-14.20 Rev 003-15 Enabling and Disabling Error Labels for Outbound ICMP Error DatagramsUse Site Manager to s

Configuring GRE, NAT, RIPSO, and BFE Services3-16308625-14.20 Rev 00RIPSO ExampleThe router in Figure 3-2 has RIPSO configured on all three IP interfa

Configuring RIPSO on an IP Interface308625-14.20 Rev 003-17 Figure 3-2. RIPSO Example1.1.0.11.1.0.21.2.0.1 1.3.0.11.1.0.1Forward outbounddatagram?

Configuring GRE, NAT, RIPSO, and BFE Servicesxviii308625-14.20 Rev 00Related PublicationsFor more information about GRE, NAT, and other IP services, r

308625-14.20 Rev 004-1 Chapter 4Connecting the Router to a Blacker Front EndThis chapter describes the Blacker front end (BFE) and provides instructio

Configuring GRE, NAT, RIPSO, and BFE Services4-2308625-14.20 Rev 00Blacker Front End (BFE) Concepts and TerminologyThe BFE is a classified encryption

Connecting the Router to a Blacker Front End308625-14.20 Rev 004-3 BFE devices receive authorization and address translation services from an access c

Configuring GRE, NAT, RIPSO, and BFE Services4-4308625-14.20 Rev 00BFE AddressingYou can enable BFE support on individual IP interfaces. Once enabled,

Connecting the Router to a Blacker Front End308625-14.20 Rev 004-5 Configuring BFE Support To configure BFE support on an IP interface, you must:• Con

Configuring GRE, NAT, RIPSO, and BFE Services4-6308625-14.20 Rev 00For instructions on performing steps 1 through 4, see Configuring X.25 Services. Fo

Connecting the Router to a Blacker Front End308625-14.20 Rev 004-7 Outgoing SVC LCN Start Parameter is ignored.Number of PVC channels Zero (0). BFE do

Configuring GRE, NAT, RIPSO, and BFE Services4-8308625-14.20 Rev 00Full Addressing OnAcceptance Format DefextRelease Format DefextCCITT (now ITU-T) Co

Connecting the Router to a Blacker Front End308625-14.20 Rev 004-9 Packet Size Options include 128, 256, 512, and 1024. If you want to use a value oth

Preface308625-14.20 Rev 00xix • Configuring IP Exterior Gateway Protocols (BGP and EGP) (Nortel Networks part number 308628-14.00 Rev 00)Provides a de

308625-14.20 Rev 00A-1 Appendix ASite Manager ParametersThis appendix contains the Site Manager parameter descriptions for GRE, NAT, and RIPSO. You ca

Configuring GRE, NAT, RIPSO, and BFE ServicesA-2308625-14.20 Rev 00The Technician Interface allows you to modify parameters by issuing set and commit

Site Manager Parameters308625-14.20 Rev 00A-3 To access the GRE Create Tunnels List window, complete the following tasks: Site Manager ProcedureYou do

Configuring GRE, NAT, RIPSO, and BFE ServicesA-4308625-14.20 Rev 00Remote Connection ParametersThe Create GRE Remote Connection window (Figure A-2) al

Site Manager Parameters308625-14.20 Rev 00A-5 To access the Create GRE Remote Connection window, complete the following tasks: Site Manager ProcedureY

Configuring GRE, NAT, RIPSO, and BFE ServicesA-6308625-14.20 Rev 00Parameter: Remote Physical IP AddressPath: Configuration Manager > Protocols >

Site Manager Parameters308625-14.20 Rev 00A-7 NAT ParametersNAT parameters are described in the following sections:NAT Global ParametersThe NAT Global

Configuring GRE, NAT, RIPSO, and BFE ServicesA-8308625-14.20 Rev 00Parameter: EnablePath: Configuration Manager > Protocols > IP > NAT > G

Site Manager Parameters308625-14.20 Rev 00A-9 Parameter: Log MaskPath: Configuration Manager > Protocols > IP > NAT > GlobalDefault: 0x000

ii308625-14.20 Rev 00 Copyright © 2000 Nortel NetworksAll rights reserved. October 2000.The information in this document is subject to change without

Configuring GRE, NAT, RIPSO, and BFE ServicesA-10308625-14.20 Rev 00Parameter: Mapping Timeout (secs)Path: Configuration Manager > Protocols > I

Site Manager Parameters308625-14.20 Rev 00A-11 NAT Interface ParametersThe NAT Interface List window allows access to NAT interface parameters. If you

Configuring GRE, NAT, RIPSO, and BFE ServicesA-12308625-14.20 Rev 00NAT Static Translation ParametersThe NAT Static Translation List window allows acc

Site Manager Parameters308625-14.20 Rev 00A-13 Parameter: EnablePath: Configuration Manager > Protocols > IP > NAT > Static MappingDefault

Configuring GRE, NAT, RIPSO, and BFE ServicesA-14308625-14.20 Rev 00Parameter: Source DomainPath: Configuration Manager > Protocols > IP > NA

Site Manager Parameters308625-14.20 Rev 00A-15 Parameter: Destination DomainPath: Configuration Manager > Protocols > IP > NAT > Static Ma

Configuring GRE, NAT, RIPSO, and BFE ServicesA-16308625-14.20 Rev 00Adding Static Translation ParametersTo add static translations, whether bidirectio

Site Manager Parameters308625-14.20 Rev 00A-17 Depending on the type of configuration you want, go to the appropriate section:Adding NAT Bidirectional

Configuring GRE, NAT, RIPSO, and BFE ServicesA-18308625-14.20 Rev 00Parameter: Source DomainPath: Configuration Manager > Protocols > IP > NA

Site Manager Parameters308625-14.20 Rev 00A-19 Parameter: Destination DomainPath: Configuration Manager > Protocols > IP > NAT > Static Ma

308625-14.20 Rev 001-1 Chapter 1Configuring GRE TunnelsThis chapter provides information about Generic Routing Encapsulation (GRE) tunnels and instruc

Configuring GRE, NAT, RIPSO, and BFE ServicesA-20308625-14.20 Rev 00Adding NAT SDPT ParametersTo configure NAT static destination port translation (SD

Site Manager Parameters308625-14.20 Rev 00A-21 Parameter: Private PortPath: Configuration Manager > Protocols > IP > NAT > Static Mapping

Configuring GRE, NAT, RIPSO, and BFE ServicesA-22308625-14.20 Rev 00Adding NAT Unidirectional ParametersTo configure static, unidirectional NAT, set t

Site Manager Parameters308625-14.20 Rev 00A-23 Parameter: Static NexthopPath: Configuration Manager > Protocols > IP > NAT > Static Mappin

Configuring GRE, NAT, RIPSO, and BFE ServicesA-24308625-14.20 Rev 00NAT Dynamic Mapping ParametersTo access the NAT dynamic mapping configuration wind

Site Manager Parameters308625-14.20 Rev 00A-25 NAT Source Address Filter ParametersThe following parameters are accessible from the NAT Source Address

Configuring GRE, NAT, RIPSO, and BFE ServicesA-26308625-14.20 Rev 00Parameter: Translation Pool SelectorPath: Configuration Manager > Protocols >

Site Manager Parameters308625-14.20 Rev 00A-27 Parameter: Static NexthopPath: Configuration Manager > Protocols > IP > NAT > Dynamic Mappi

Configuring GRE, NAT, RIPSO, and BFE ServicesA-28308625-14.20 Rev 00Adding Source Address Filter ParametersThe following parameters are accessible whe

Site Manager Parameters308625-14.20 Rev 00A-29 Parameter: Domain NamePath: Configuration Manager > Protocols > IP > NAT > Dynamic Mapping

Configuring GRE, NAT, RIPSO, and BFE Services1-2308625-14.20 Rev 00GRE Concepts and TerminologyGeneric Routing Encapsulation (GRE) is a protocol that

Configuring GRE, NAT, RIPSO, and BFE ServicesA-30308625-14.20 Rev 00Parameter: Nto1 AddressPath: Configuration Manager > Protocols > IP > NAT

Site Manager Parameters308625-14.20 Rev 00A-31 NAT Translation Pool ParametersThe following parameters are accessible from the NAT Translation Pool Li

Configuring GRE, NAT, RIPSO, and BFE ServicesA-32308625-14.20 Rev 00Adding NAT Translation Pool ParametersThe following parameters are accessible when

Site Manager Parameters308625-14.20 Rev 00A-33 Parameter: Prefix LengthPath: Configuration Manager > Protocols > IP > NAT > Dynamic Mappin

Configuring GRE, NAT, RIPSO, and BFE ServicesA-34308625-14.20 Rev 00RIPSO ParametersThe IP Interface List window (Figure A-3) allows access to paramet

Site Manager Parameters308625-14.20 Rev 00A-35 Parameter: Enable SecurityPath: Configuration Manager > Protocols > IP > InterfacesDefault: En

Configuring GRE, NAT, RIPSO, and BFE ServicesA-36308625-14.20 Rev 00Parameter: Require Out SecurityPath: Configuration Manager > Protocols > IP

Site Manager Parameters308625-14.20 Rev 00A-37 Parameter: Minimum LevelPath: Configuration Manager > Protocols > IP > InterfacesDefault: Uncl

Configuring GRE, NAT, RIPSO, and BFE ServicesA-38308625-14.20 Rev 00Parameter: Must Out AuthorityPath: Configuration Manager > Protocols > IP &g

Site Manager Parameters308625-14.20 Rev 00A-39 Parameter: Must In AuthorityPath: Configuration Manager > Protocols > IP > InterfacesDefault:

Configuring GRE Tunnels308625-14.20 Rev 001-3 How GRE Tunneling WorksA simple point-to-point GRE tunnel terminates at router interfaces at each end of

Configuring GRE, NAT, RIPSO, and BFE ServicesA-40308625-14.20 Rev 00Parameter: Implicit LabelPath: Configuration Manager > Protocols > IP > I

Site Manager Parameters308625-14.20 Rev 00A-41 Parameter: Implicit LevelPath: Configuration Manager > Protocols > IP > InterfacesDefault: Unc

Configuring GRE, NAT, RIPSO, and BFE ServicesA-42308625-14.20 Rev 00Parameter: Default AuthorityPath: Configuration Manager > Protocols > IP >

Site Manager Parameters308625-14.20 Rev 00A-43 Parameter: Error LabelPath: Configuration Manager > Protocols > IP > InterfacesDefault: Enable

308625-14.20 Rev 00B-1 Appendix BSample Bidirectional NAT ConfigurationPROBLEM: Hosts in two domains at your site need to share information, yet you n

Configuring GRE, NAT, RIPSO, and BFE ServicesB-2308625-14.20 Rev 00The configuration tasks are similar when configuring static bidirectional NAT, exce

Sample Bidirectional NAT Configuration308625-14.20 Rev 00B-3 The address translation at the NAT router occurs with the assistance of BayRS DNS proxy o

Configuring GRE, NAT, RIPSO, and BFE ServicesB-4308625-14.20 Rev 001. Configure a DNS server with a public address on the same network as the router t

Sample Bidirectional NAT Configuration308625-14.20 Rev 00B-5 Configuring RIP2 on the router IP interface 25.2.2.2 for domain1:ip/25.2.2.2/255.0.0.0# r

Configuring GRE, NAT, RIPSO, and BFE Services1-4308625-14.20 Rev 00The GRE tunnel can use any IP interface configured on the router as a physical end

Configuring GRE, NAT, RIPSO, and BFE ServicesB-6308625-14.20 Rev 00fwd-port 53fwd-server1-address 99.9.9.9fwd-server2-address 0.0.0.0fwd-server3-addre

Sample Bidirectional NAT Configuration308625-14.20 Rev 00B-7 To view the status of the NAT interfaces on the router, enter the show nat interfaces com

Configuring GRE, NAT, RIPSO, and BFE ServicesB-8308625-14.20 Rev 00To check the addresses in a source address filter and to see whether a source addre

Sample Bidirectional NAT Configuration308625-14.20 Rev 00B-9 8.Configure DNS client on each device in the domains that will initiate IP traffic whose

Configuring GRE, NAT, RIPSO, and BFE ServicesB-10308625-14.20 Rev 00Checking Address TranslationsAfter you configure your router for bidirectional NAT

Sample Bidirectional NAT Configuration308625-14.20 Rev 00B-11 show nat domains (BCC)The command show nat domains displays address translations for the

Configuring GRE, NAT, RIPSO, and BFE ServicesB-12308625-14.20 Rev 00• The fourth translation is for host B (4.1.1.1) in the inbound domain (domain2.ne

Sample Bidirectional NAT Configuration308625-14.20 Rev 00B-13 • The output columns IP Protocol (UDP, TCP, or none are possible values), Original Port,

Configuring GRE, NAT, RIPSO, and BFE ServicesB-14308625-14.20 Rev 00The output columns Original Port and Translated Port display port number informati

308625-14.20 Rev 00Index-1Aaccept policies, configuring for GRE tunnels, 1-7, 1-8acronyms, xviiaddress translation precedence (NAT), 2-35aging (NAT),

Configuring GRE Tunnels308625-14.20 Rev 001-5 Figure 1-2. GRE Tunnel Encapsulating the IP ProtocolGRE Packet HeadersThe previous example followed the

Index-2308625-14.20 Rev 00delete command (BCC)GREremote tunnel end point, 1-26tunnel, 1-27tunnel protocol, 1-24NATfrom a router interface, 2-79source

308625-14.20 Rev 00Index-3EECMP support limitation for NAT, 2-33Enable parameterGREremote tunnel end point, 1-26, A-5tunnel, 1-22, A-4NATglobal, 2-66,

Index-4308625-14.20 Rev 00LL1 Default Metric parameter (OSI), 1-15L1 Designated Router Priority parameter (OSI), 1-15L2 Default Metric parameter (OSI)

308625-14.20 Rev 00Index-5NAT (continued)dynamic translations (continued)reenabling a source address filter, 2-103reenabling a translation pool, 2-109

Index-6308625-14.20 Rev 00NAT (continued)translation pool (continued)disabling, 2-109enabling, 2-109more than one in a domain, 2-11pairing with source

308625-14.20 Rev 00Index-7publicationshard copy, xixrelated, xviiiRRedirect Enable/Disable parameter (OSI), 1-15reenablingGREremote tunnel end point,

Index-8308625-14.20 Rev 00security classification (RIPSO), 3-4security labels (RIPSO)format, 3-3specifying inbound datagram types that require, 3-9spe

308625-14.20 Rev 00Index-9timeout (NAT)aging, enabling/disabling, 2-71value, configuring for dynamic translations, 2-72timeout command (BCC), 2-71time

Configuring GRE, NAT, RIPSO, and BFE Services1-6308625-14.20 Rev 00Figure 1-3. GRE Packet HeadersThe outermost (delivery) header is an IP header with

Configuring GRE Tunnels308625-14.20 Rev 001-7 Requirements for GRE Tunnels Encapsulating IP ProtocolBefore configuring a tunnel encapsulating IP, you

Configuring GRE, NAT, RIPSO, and BFE Services1-8308625-14.20 Rev 00The disadvantage of using an announce policy is that it prevents the advertisement

Configuring GRE Tunnels308625-14.20 Rev 001-9 Number of Tunnels Configurable per RouterThe number of GRE tunnels you can configure on a router varies,

308625-14.20 Rev 00iiiNortel Networks NA Inc. Software License AgreementNOTICE: Please carefully read this license agreement before copying or using t

Configuring GRE, NAT, RIPSO, and BFE Services1-10308625-14.20 Rev 00Creating a GRE TunnelTo create a tunnel:1. Configure the local tunnel end point.2.

Configuring GRE Tunnels308625-14.20 Rev 001-11 name is a unique name for this tunnel.address is a valid IP address of a local router interface express

Configuring GRE, NAT, RIPSO, and BFE Services1-12308625-14.20 Rev 00Adding a Protocol to the Local Tunnel End PointThe Nortel Networks implementation

Configuring GRE Tunnels308625-14.20 Rev 001-13 Adding an IPX Protocol InterfaceTo add an IPX protocol interface to the local tunnel end point, navigat

Configuring GRE, NAT, RIPSO, and BFE Services1-14308625-14.20 Rev 00Adding an OSI Protocol InterfaceTo add the OSI protocol to the local tunnel end po

Configuring GRE Tunnels308625-14.20 Rev 001-15 6. Set the following parameters (required if OSI has not been configured previously on any other router

Configuring GRE, NAT, RIPSO, and BFE Services1-16308625-14.20 Rev 00Configuring the Remote Tunnel End PointA remote tunnel end point can be any IP int

Configuring GRE Tunnels308625-14.20 Rev 001-17 Using the BCCTo configure a remote tunnel end point using the BCC, complete the following steps.Step 1.

Configuring GRE, NAT, RIPSO, and BFE Services1-18308625-14.20 Rev 00Configuring a Remote Logical IP InterfaceTo configure a remote logical IP interfac

Configuring GRE Tunnels308625-14.20 Rev 001-19 Using Site ManagerConfiguring a Remote End Point for IP or IPXTo configure a remote tunnel end point fo

iv308625-14.20 Rev 00for the security of its own data and information and for maintaining adequate procedures apart from the Software to reconstruct

Configuring GRE, NAT, RIPSO, and BFE Services1-20308625-14.20 Rev 00Configuring a Remote End Point for OSITo configure a remote tunnel end point for t

Configuring GRE Tunnels308625-14.20 Rev 001-21 Customizing a GRE TunnelYou can customize a configured GRE tunnel, as described in the following sectio

Configuring GRE, NAT, RIPSO, and BFE Services1-22308625-14.20 Rev 00Using Site ManagerTo disable or reenable a GRE tunnel, complete the following task

Configuring GRE Tunnels308625-14.20 Rev 001-23 For example, the following command disables the IP protocol interface 9.9.9.1/255.255.255.0:ip/9.9.9.1/

Configuring GRE, NAT, RIPSO, and BFE Services1-24308625-14.20 Rev 00Deleting a Protocol from a GRE TunnelUse the BCC or Site Manager to delete a proto

Configuring GRE Tunnels308625-14.20 Rev 001-25 Disabling and Reenabling a Remote Tunnel End PointWhen you configure a remote tunnel end point, it is e

Configuring GRE, NAT, RIPSO, and BFE Services1-26308625-14.20 Rev 00Using Site ManagerTo disable or reenable a remote tunnel end point, complete the f

Configuring GRE Tunnels308625-14.20 Rev 001-27 Using Site ManagerTo delete a remote tunnel end point, complete the following tasks:Deleting a GRE Tunn

Configuring GRE, NAT, RIPSO, and BFE Services1-28308625-14.20 Rev 00Using Site ManagerTo delete a GRE tunnel, complete the following tasks: Site Manag

308625-14.20 Rev 002-1Chapter 2Configuring Network Address TranslationThis chapter describes network address translation (NAT) and provides instructio

308625-14.20 Rev 00vContents PrefaceText Conventions ...

Configuring GRE, NAT, RIPSO, and BFE Services2-2308625-14.20 Rev 00NAT ConceptsNetwork Address Translation is a method by which IP addresses are mappe

Configuring Network Address Translation308625-14.20 Rev 002-3Unidirectional NATFor unidirectional NAT, the translation is done for addresses within th

Configuring GRE, NAT, RIPSO, and BFE Services2-4308625-14.20 Rev 00RequirementsIn addition to configuring NAT on the router, unidirectional NAT (inclu

Configuring Network Address Translation308625-14.20 Rev 002-5Representing Multiple Hosts with a Single Address: SDPT and N-to-1For TCP and UDP traffic

Configuring GRE, NAT, RIPSO, and BFE Services2-6308625-14.20 Rev 00The major difference between SDPT and N-to-1 translation is that N-to-1 applies onl

Configuring Network Address Translation308625-14.20 Rev 002-7Bidirectional (Multidomain) NATBidirectional multidomain NAT is a unique feature of BayRS

Configuring GRE, NAT, RIPSO, and BFE Services2-8308625-14.20 Rev 00• Install Domain Name System (DNS) server on a machine with a public interface to t

Configuring Network Address Translation308625-14.20 Rev 002-9The DNS proxy server accepts DNS name service requests from hosts on either side of the r

Configuring GRE, NAT, RIPSO, and BFE Services2-10308625-14.20 Rev 00Translation ModesYou can configure your router so that network address translation

Configuring Network Address Translation308625-14.20 Rev 002-11Dynamic Translation ModeNAT dynamic translation mode allows you to configure a temporary

vi308625-14.20 Rev 00Using the BCC ...1-17Step 1

Configuring GRE, NAT, RIPSO, and BFE Services2-12308625-14.20 Rev 00Comparing unidirectional and bidirectional dynamic NAT You can configure unidirect

Configuring Network Address Translation308625-14.20 Rev 002-13For instructions on how to configure mapping aging, see:• “Enabling and Disabling the Dy

Configuring GRE, NAT, RIPSO, and BFE Services2-14308625-14.20 Rev 00Unidirectional NATYou can configure the following types of unidirectional NAT: sta

Configuring Network Address Translation308625-14.20 Rev 002-15Dynamic Unidirectional Address TranslationNAT routers translate host addresses from insi

Configuring GRE, NAT, RIPSO, and BFE Services2-16308625-14.20 Rev 00Figure 2-2. Network Address Translation ExampleBostonAtlantaNew YorkSanta ClaraLon

Configuring Network Address Translation308625-14.20 Rev 002-17When the router’s NAT interface receives a packet, the NAT router extracts the source ad

Configuring GRE, NAT, RIPSO, and BFE Services2-18308625-14.20 Rev 00In Figure 2-4, the NAT router dynamically translates the source address, 10.0.0.15

Configuring Network Address Translation308625-14.20 Rev 002-19In Figure 2-5, the NAT router then replaces the private source address (10.0.0.15) with

Configuring GRE, NAT, RIPSO, and BFE Services2-20308625-14.20 Rev 00The destination host uses the incoming packet’s source address to create a destina

Configuring Network Address Translation308625-14.20 Rev 002-21Figure 2-6. Sample Configuration for NAT SDPTThe HTTP server actually has a local IP add

308625-14.20 Rev 00viiStatic Destination and Port Translation (SDPT) ...2-20Network Address Port Translat

Configuring GRE, NAT, RIPSO, and BFE Services2-22308625-14.20 Rev 00It might seem as if this HTTP server has two identities: The server has its actual

Configuring Network Address Translation308625-14.20 Rev 002-23When TCP packets with a destination address of 192.32.29.17 arrive in the NAT-configured

Configuring GRE, NAT, RIPSO, and BFE Services2-24308625-14.20 Rev 00Figure 2-7. N-to-1 Translation (Part 1)The following events occur:1. NAT receives

Configuring Network Address Translation308625-14.20 Rev 002-252. NAT uses the address and the port number to identify the destination host.3. NAT repl

Configuring GRE, NAT, RIPSO, and BFE Services2-26308625-14.20 Rev 00Bidirectional NATYou can configure bidirectional NAT statically or dynamically, an

Configuring Network Address Translation308625-14.20 Rev 002-27When host A transmits packets to the NAT router, NAT replaces the source address in the

Configuring GRE, NAT, RIPSO, and BFE Services2-28308625-14.20 Rev 00Dynamic Bidirectional Address Translation with Two DomainsFigure 2-10 offers an ex

Configuring Network Address Translation308625-14.20 Rev 002-29A source address filter and translation pool are configured in each domain. Host A in do

Configuring GRE, NAT, RIPSO, and BFE Services2-30308625-14.20 Rev 00Host A in domain 1 receives the DNS response message and saves the translation IP

Configuring Network Address Translation308625-14.20 Rev 002-31Host B receives packets from and sends replies back to host A. The reply packets will ha

viii308625-14.20 Rev 00Customizing a NAT Interface ...2-74Addin

Configuring GRE, NAT, RIPSO, and BFE Services2-32308625-14.20 Rev 00NAT Implementation GuidelinesBefore you implement a NAT configuration, you should

Configuring Network Address Translation308625-14.20 Rev 002-33Protocol Requirements and CompatibilitiesConsider the following guidelines related to pr

Configuring GRE, NAT, RIPSO, and BFE Services2-34308625-14.20 Rev 00Compatibility of NAT and IPsec on a Router InterfaceYou can configure both unidire

Configuring Network Address Translation308625-14.20 Rev 002-35However, NAT SDPT support requires that you combine several translation types in your co

Configuring GRE, NAT, RIPSO, and BFE Services2-36308625-14.20 Rev 00When N-to-1 dynamic port translation is enabled, the source address (private inter

Configuring Network Address Translation308625-14.20 Rev 002-37Figure 2-14 illustrates a NAT configuration in which a dynamic address range encloses an

Configuring GRE, NAT, RIPSO, and BFE Services2-38308625-14.20 Rev 00Figure 2-15 illustrates configured NAT ranges that do not overlap. Packets with a

Configuring Network Address Translation308625-14.20 Rev 002-39Internet Control Message Protocol and Message HandlingNAT automatically allows Internet

Configuring GRE, NAT, RIPSO, and BFE Services2-40308625-14.20 Rev 00Starting NAT Services and Configuring TranslationsThis section provides instructio

Configuring Network Address Translation308625-14.20 Rev 002-41Step 1. Add NAT to a router interfaceTo configure NAT on a router interface, navigate to

308625-14.20 Rev 00ixSpecifying the Outbound Datagram Type Requiring Security Labels ...3-8Specifying the Inbound Datagram T

Configuring GRE, NAT, RIPSO, and BFE Services2-42308625-14.20 Rev 00prefix_length specifies the end of the IP address range available for translation.

Configuring Network Address Translation308625-14.20 Rev 002-43When configuring unidirectional NAT, you must use the special domain name “public” to id

Configuring GRE, NAT, RIPSO, and BFE Services2-44308625-14.20 Rev 00The info command lets you see the values configured so far for this source address

Configuring Network Address Translation308625-14.20 Rev 002-45Using Site ManagerBefore you can start NAT on the router, you must configure a circuit t

Configuring GRE, NAT, RIPSO, and BFE Services2-46308625-14.20 Rev 00Step 2. Configure the NAT public interfaceFor unidirectional NAT, the public inter

Configuring Network Address Translation308625-14.20 Rev 002-47Step 3. Configuring a source address filterFor unidirectional NAT, the source address fi

Configuring GRE, NAT, RIPSO, and BFE Services2-48308625-14.20 Rev 00Step 4. Configuring a translation poolThe translation pool specifies to the router

Configuring Network Address Translation308625-14.20 Rev 002-497. Set the following parameters:• IP Address• Prefix Length• Domain NameClick on Help or

Configuring GRE, NAT, RIPSO, and BFE Services2-50308625-14.20 Rev 00Configuring Bidirectional NAT (Dynamic)In the following bidirectional multidomain

Configuring Network Address Translation308625-14.20 Rev 002-51Step 1. Install DNS server on a device with a public interface to the NAT routerYou must