1 Reply Latest reply on Jun 20, 2012 9:56 AM by levi

    NAT Order of Operations

    smross New Member

      Hello, I just had a quick question.  What is the Adtran NAT order of Operations?  Does the 1335 Route/PBR before NAT or after?

      The reason I am asking is I was trying to configure NAT on a VLAN and I was unable to get it to work until I applied a route-map to the VLAN and set the next hop to the cable modem.  So is the route-map pointing to the cable modem and NAT'ing on the modem and not using the access-policy?

      VLAN I was attempting to NAT

      interface vlan 192
        snmp trap link-status
        ip address  192.168.112.1  255.255.255.0
        no ip proxy-arp
        ip ffe
        ip policy route-map inet-only
        ip access-policy inet-only
        ip flow ingress
        ip flow egress
        ip route-cache express
        no shutdown

      Access-policies and lists and route map

      route-map inet-only permit 10
        match ip address nat
        set ip next-hop 70.105.60.1

      ip policy-class inet-only
        nat source list nat interface vlan 100 overload
        allow list inet-only

      ip access-list extended inet-only
        deny   ip any  10.0.0.0 0.255.255.255
        deny   ip any  172.16.0.0 0.15.255.255
        permit ip any  any
      !
      ip access-list extended nat
        permit ip 10.32.84.0 0.0.0.255  any
        permit ip 192.168.112.0 0.0.0.255  any

      interface vlan 100
        snmp trap link-status
        ip address  X  255.255.255.0
        no ip proxy-arp
        ip ffe
        ip access-policy Outside
        crypto map VPN
        ip flow ingress
        ip flow egress
        qos-policy out SHAPE
        ip route-cache express
        no shutdown

      Thanks,

      Sean

        • Re: NAT Order of Operations
          levi Employee

          smross:

          Thank you for asking this question in the support community.  The order of operation for this application is as follows:

          Incoming Packet ----> PBR - Route Lookup ----> Access Policy Allow/Discard or NAT Source

          So, for your configuration the traffic is being sent to the next hop of 70.105.60.1 with the source IP address of VLAN 100.

          Example 5 on page 33 describes a similar configuration in the Configuring the Firewall (IPv4) in AOS document.

          I hope that makes sense, but please do not hesitate to reply to this post with any additional questions or information.  I will be happy to help in any way I can.

          Levi
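
The order of operations from the reply, applied to the configuration in the question, as an added Python model (not ADTRAN code and not part of the original thread). It assumes policy-class entries are checked top-down with the first match winning and an implicit discard at the end; 203.0.113.10 is a placeholder for the VLAN 100 address the post redacts as X, and the sample packets are constructed.

```python
import ipaddress

# Values copied from the posted configuration.
NAT_ACL = ["10.32.84.0/24", "192.168.112.0/24"]       # access-list nat: permit ip <src> any
INET_ONLY_DENY_DST = ["10.0.0.0/8", "172.16.0.0/12"]  # access-list inet-only: deny ip any <dst>
PBR_NEXT_HOP = "70.105.60.1"                          # route-map inet-only: set ip next-hop
VLAN100_ADDR = "203.0.113.10"  # constructed placeholder; the post redacts this as "X"


def _in_any(addr, nets):
    """True if addr falls inside any of the listed networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)


def process(src, dst):
    """Model a packet arriving on interface vlan 192, stage by stage."""
    # Stage 1: PBR, then route lookup. The route-map matches on ACL "nat".
    if _in_any(src, NAT_ACL):
        next_hop = PBR_NEXT_HOP
    else:
        next_hop = "routing-table"  # ordinary route lookup, not modelled further

    # Stage 2: access policy "inet-only", entries in configured order
    # (assumption: first matching entry wins).
    if _in_any(src, NAT_ACL):  # nat source list nat interface vlan 100 overload
        return {"action": "nat", "next_hop": next_hop, "src": VLAN100_ADDR}
    if not _in_any(dst, INET_ONLY_DENY_DST):  # allow list inet-only
        return {"action": "allow", "next_hop": next_hop, "src": src}
    # Assumption: traffic matching no policy-class entry is discarded.
    return {"action": "discard", "next_hop": None, "src": src}


if __name__ == "__main__":
    # Constructed sample packets (source, destination).
    samples = [
        ("192.168.112.25", "198.51.100.20"),  # VLAN 192 host to an outside address
        ("192.168.112.25", "10.1.1.1"),       # same host to a private destination
        ("192.168.50.7", "198.51.100.20"),    # source outside ACL "nat"
        ("192.168.50.7", "172.16.5.5"),       # outside ACL "nat", private destination
    ]
    for src, dst in samples:
        print(f"{src} -> {dst}: {process(src, dst)}")
```

Because ACL nat permits its sources to any destination, the model shows a VLAN 192 host's traffic to 10.0.0.0/8 being policy-routed to 70.105.60.1 and source-translated as well; the deny lines in inet-only only come into play for sources the nat list does not match.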