cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
smross
New Contributor

NAT Order of Operations

Jump to solution

Hello, I just had a quick question.  What is the Adtran NAT order of Operations?  Does the 1335 Route/PBR before NAT or after ?

The reason i am asking is i was trying to configure NAT on a VLAN and i was unable to get it to work until a applied a route-map to the VLAN and set the next hop to the cable modem.  So is the route-map pointing to the cable modem and Nat'ing on the modem and not using the access-policy?

VLAN i was attempting to NAT

interface vlan 192

  snmp trap link-status

  ip address  192.168.112.1  255.255.255.0

  no ip proxy-arp

  ip ffe

  ip policy route-map inet-only

  ip access-policy inet-only

  ip flow ingress

  ip flow egress

  ip route-cache express

  no shutdown

Access-policies and lists and route map

route-map inet-only permit 10

  match ip address nat

  set ip next-hop 70.105.60.1

ip policy-class inet-only

  nat source list nat interface vlan 100 overload

  allow list inet-only

ip access-list extended inet-only

  deny   ip any  10.0.0.0 0.255.255.255

  deny   ip any  172.16.0.0 0.15.255.255

  permit ip any  any

!

ip access-list extended nat

  permit ip 10.32.84.0 0.0.0.255  any

  permit ip 192.168.112.0 0.0.0.255  any

interface vlan 100

  snmp trap link-status

  ip address  X  255.255.255.0

  no ip proxy-arp

  ip ffe

  ip access-policy Outside

  crypto map VPN

  ip flow ingress

  ip flow egress

  qos-policy out SHAPE

  ip route-cache express

  no shutdown

Thanks,

Sean

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
Anonymous
Not applicable

Re: NAT Order of Operations

Jump to solution

:

Thank you for asking this question in the support community.  The order of operation for this application is as follows:

Incoming Packet ----> PBR - Route Lookup ----> Access Policy Allow/Discard or NAT Source

So, for your configuration the traffic is being sent to the next hop of 70.105.60.1 with the source IP address of VLAN 100.

Example 5. on page 33 describes a similar configuration in the Configuring the Firewall (IPv4) in AOS document. 

I hope that makes sense, but please do not hesitate to reply to this post with any additional questions or information.  I will be happy to help in any way I can.

Levi

View solution in original post

1 Reply
Anonymous
Not applicable

Re: NAT Order of Operations

Jump to solution

:

Thank you for asking this question in the support community.  The order of operation for this application is as follows:

Incoming Packet ----> PBR - Route Lookup ----> Access Policy Allow/Discard or NAT Source

So, for your configuration the traffic is being sent to the next hop of 70.105.60.1 with the source IP address of VLAN 100.

Example 5. on page 33 describes a similar configuration in the Configuring the Firewall (IPv4) in AOS document. 

I hope that makes sense, but please do not hesitate to reply to this post with any additional questions or information.  I will be happy to help in any way I can.

Levi

View solution in original post