Implementing a NAT

network translation address (NAT) provides an alias IP address that a node can use as its source IP address when making or receiving connections to clients on the external network. (This distinguishes it from a SNAT, which can initiate but not receive a connection.)

The IP addresses that identify nodes on the internal network need not be routable on the external network. This protects nodes from illegal connection attempts, but it also prevents nodes (and other hosts on the internal network) from receiving direct administrative connections, or from initiating connections to external servers, such as mail servers or databases.

Using NATs solves this problem. NATs assign to a particular node a routable IP address that the node can use as its source IP address when connecting to external servers. You can use the NAT IP address to connect directly to the node through the BIG-IP system, rather than having the BIG-IP system send the traffic to a random node according to the specified load balancing method.

Note that NATs do not support port translation, and are not appropriate for protocols that embed IP addresses in the packet, such as FTP, NT Domain or CORBA IIOP.

You must create a separate NAT for each node, using the Configuration utility. When you create a NAT, you configure a set of properties. While you must configure theNAT Address and Origin Address settings at the time that you create the NAT, you can use the default values for the other settings, or modify those values later.

To create a NAT

  1. On the Main tab, expandLocal Traffic, and click SNATs.
    The SNATs screen opens.
  2. On the menu bar, clickNAT List.
  3. In the upper right corner, clickCreate.
    The New NAT screen opens.

Note: If the Create button is unavailable, this indicates that your user role does not grant you permission to create a NAT.

  1. In theNAT Address box, type the IP address that you want to use as a translation address.
  2. In theOrigin Address box, type the original client IP address to be translated.
  3. Retain or modify all other values as necessary.
  4. ClickFinished.

Additional restrictions

When using a NAT, you should be aware of the following restrictions:

  • The IP address defined in theOrigin Address box must be routable to a specific server behind the system.
  • You must delete a NAT before you can redefine it.

Managing SNATs and NATs

Using the Configuration utility, you can manage existing SNATs in many ways. For example, you might want to view a list of existing SNAT pools before creating a new one. Or you might want to modify the way that a standard SNAT maps an original IP address to a translation address.

That tasks that you can perform when managing SNATs are:

  • Viewing or modify a SNAT or NAT, or a SNAT pool
  • Defining or viewing translation addresses
  • Deleting SNATs or NATs, SNAT pools, and translation addresses
  • Enabling or disabling SNATs or NATs for a load balancing pool
  • Enabling or disabling SNAT or NAT translation addresses

Viewing or modifying SNATs, NATs, and SNAT pools

You can view or modify any SNATs, NATS, or SNAT pools that you created previously.

To view or modify a SNAT or NAT

  1. On the Main tab, expandLocal Traffic, and click SNATs.
    This displays a list of existing SNATs.
  2. Select the type of item you want to view or modify:
    • If you want to view or modify a SNAT, click a SNAT name.
    • If you want to view or modify a NAT, find theNAT List menu, and click a NAT address.
  3. View or modify the displayed settings.
  4. If you modified any settings, clickUpdate.

To view or modify a SNAT pool

  1. On the Main tab, expandLocal Traffic, and click SNATs.
    This displays a list of existing SNATs.
  2. On the menu bar, clickSNAT Pool List.
    This displays a list of existing SNAT pools.
  3. Click a SNAT pool name.
  4. View or modify the displayed settings.
  5. If you modified any settings, clickUpdate.

Defining and viewing translation addresses

You can define a translation address or view any existing translation addresses the you defined previously.

To explicitly define a translation address

  1. On the Main tab, expandLocal Traffic, and click SNATs.
  2. On the menu bar, clickSNAT Translation List.
    This displays any existing translation addresses.
  3. In the upper-right corner of the screen, clickCreate.

Note: If the Create button is unavailable, this indicates that your user role does not grant you permission to create a SNAT.

  1. Retain or change all property settings.
  2. ClickFinished.

To view translation addresses

  1. On the Main tab, expandLocal Traffic, and click SNATs.
    This displays a list of existing SNATs.
  2. On the menu bar, clickSNAT Translation List.
    This displays a list of existing translation addresses.
  3. Click a translation address.
  4. View or modify the displayed settings.
  5. If you modified any settings, clickUpdate.

Deleting SNATs, NATs, SNAT pools, and translation addresses

You can delete any existing SNAT, NAT, SNAT pool, or translation address that you created previously.

To delete a SNAT or a NAT

  1. On the Main tab, expandLocal Traffic, and click SNATs.
    This displays a list of existing SNATs.
  2. Select the type of item you want to delete:
    • If you want to delete a SNAT, locate the SNAT you want to delete, and check the Select box on the left.
    • If you want to delete a NAT, clickNAT List on the menu bar, locate the NAT you want to delete, and check the Select box to the left.
  3. At the bottom of the screen, clickDelete.

To delete a SNAT pool

  1. On the Main tab, expandLocal Traffic, and click SNATs.
    This displays a list of existing SNATs.
  2. On the menu bar, clickSNAT Pool List.
    This displays a list of existing SNAT pools.
  3. Locate the SNAT pool you want to delete, and check the Select box to the left.
  4. At the bottom of the screen, clickDelete.

To delete a translation address

  1. On the Main tab, expandLocal Traffic, and click SNATs.
    This displays a list of existing SNATs.
  2. On the menu bar, clickSNAT Translation List.
    This displays a list of existing translation addresses.
  3. Locate the translation address you want to delete, and check the Select box to the left.
  4. At the bottom of the screen, clickDelete.

Was this article helpful?

Related Articles

Leave A Comment?

You must be logged in to post a comment.