NAT ALG, v5 blueprint
Hello everyone,
I was wondering if anyone has any information on NAT ALG (examples, tutorials... ), I see this topic is on v5 blueprint.
Not sure what we could be tested on regarding that topics, and I'm struggling to find any good information on that subject.
Kind regards,
Vincent
Comments
Hi Vincent,
You may want to take a look at NAT configuration guide, document that you have access to in the lab also. You could read the document, know what's about and if specific requirements appear in the lab just to know where to reference the topic in the documentation available.
It's under IP addressing :
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-mt/nat-15-mt-book/iadnat-applvlgw.html
I've been looking for good info on this too. I've been through the doc Ciprian linked and the only parts that look like they might be relvant are the IPsec preserve port and SPI matching. The rest of it looks to be voice related. Unfortunately the doc is a bit poorly written in terms of actual examples. It states that you need to use ACLs to specify traffic, but isn't very clear on how these ACLs should be constructed.
The main use I can see for it is if you have multiple IPsec ESP peers behind a NAT device doing NAT overload - in this case SPI matching should allow them all to form a connection (although I think IPsec NAT-T will resolve the same issue without any config required). Preserve port is for when you are dealing with third party devices that insist on port 500 being used for source and destination ISAKMP traffic - not likely to be an issue for the lab unless there is some kind of specific ACL that you can't change.
Its on my list of things to lab up, but it would be great if anyone who has already worked it out could share the details
I've found a bit more info on this at http://my.safaribooksonline.com/book/networking/vpn/1587051117/enhanced-ipsec-features/ch03lev1sec8#X2ludGVybmFsX0h0bWxWaWV3P3htbGlkPTE1ODcwNTExMTclMkZjaDAzbGV2MXNlYzgmcXVlcnk9