Network Address Translation

Warning

This section discusses Dataplane NAT, which is deprecated and will be removed in TNSR 25.06.

The current best practice is to use VPF Network Address Translation. Dataplane NAT users should migrate to VPF for NAT as soon as possible.

Network Address Translation, or NAT, involves changing properties of a packet as it passes through a router. Typically this is done to mask or alter the source or destination to manipulate how such packets are processed by other hosts.

The most common examples are:

  • Source NAT, also known as Outbound NAT, which translates the source address and port of a packet to mask its origin.

  • Destination NAT, commonly referred to as Static NAT or Port Forwards, which translates the destination address and port of a packet to redirect the packet to a different target host behind the router.

TNSR applies NAT based on the configured mode and the presence of directives that set inside (internal/local) and outside (external/remote) interfaces.

An inside interface is a local interface where traffic enters TNSR; that traffic will have its source hidden by NAT. An outside interface is an interface where that translation occurs as a packet exits TNSR. An example of this is shown in Outbound NAT.

Note

NAT is processed after ACL rules. For more information, see ACL and NAT Interaction.

Note

NAT-specific virtual reassembly parameters have been deprecated in favor of shallow virtual reassembly. See IP Reassembly.