NAT Pool Addresses¶
Before TNSR can perform any type of NAT, an inside and outside interface
must be set and at least one outside/external address (e.g. WAN-side) must be
listed in a NAT pool. These pools are added from configure mode
(Configuration Mode) in the TNSR CLI (Entering the TNSR CLI).
Note
TNSR will respond to ARP and ICMP echo requests (ping) for addresses in NAT pools, even when they are not configured on interfaces. Ensure that NAT pool addresses are not used by other hosts on the network.
Warning
These options cannot be changed while NAT is disabled. Enable NAT before running these commands (Enable NAT).
Single NAT Pool Address¶
For a single external address, define a NAT pool like so:
tnsr(config)# nat pool addresses 203.0.113.2
Note
This can be an IP address configured directly on an interface, but that is not a requirement.
A single pool address can also be configured with range style syntax:
tnsr(config)# nat pool addresses 203.0.113.2 - 203.0.113.2
Multiple NAT Pool Addresses¶
For multiple addresses, there are two methods: Using a range or repeating the command with single addresses.
First, using a range:
tnsr(config)# nat pool addresses 203.0.113.2 - 203.0.113.6
Note
NAT pools are defined as single addresses or contiguous ranges. It is not possible to remove or exclude addresses from within a pool configured as a range; The entire range must be removed by using the starting address. To exclude addresses in the middle of a range from use in NAT pools, use multiple discrete pools with ranges that do not include the undesirable addresses.
The range command can be repeated to define multiple ranges:
tnsr(config)# nat pool addresses 203.0.113.2 - 203.0.113.3
tnsr(config)# nat pool addresses 203.0.113.5 - 203.0.113.6
Repetition of the single entry form for each pool address also results in multiple pool entries:
tnsr(config)# nat pool addresses 203.0.113.2
tnsr(config)# nat pool addresses 203.0.113.3
tnsr(config)# nat pool addresses 203.0.113.5
tnsr(config)# nat pool addresses 203.0.113.6
NAT Pool Interfaces¶
TNSR also supports using an interface to automatically determine pool addresses:
tnsr(config)# nat pool interface GigabitEthernet0/14/1
For Outbound NAT this is typically the interface set as ip nat
outside.
NAT Pool Route Table (VRF)¶
NAT pools can optionally take an argument which defines a specific route table (VRF, Virtual Routing and Forwarding) in which the NAT pool will operate. For example, this allows TNSR to apply NAT pools selectively to traffic depending on the VRF configured on specific local interfaces.
Note
This is only possible when specifying a static address range for a pool, not for an interface name or single address style. A single address can be passed as both the lower and upper range boundary to apply a VRF to a single NAT pool address.
tnsr(config)# nat pool addresses 203.0.113.2 - 203.0.113.3 route-table myroutes
tnsr(config)# nat pool addresses 203.0.113.5 - 203.0.113.5 route-table myroutes