NAT Reassembly

If a packet is fragmented before it arrives on a TNSR interface, only the initial fragment packet contains header information needed to properly apply NAT. Later fragments lack these details, which prevents TNSR NAT from seeing port data. This can lead to fragments being mishandled because TNSR has no way to determine what it should do to these fragments. NAT reassembly works around this problem by holding fragments and reassembling entire packets for inspection, allowing TNSR to properly act upon the full packet.

Commands

To enter NAT reassembly mode:

tnsr# configure
tnsr(config)# nat reassembly (ipv4|ipv6)
tnsr(nat_reassembly)#

The following commands are available within NAT reassembly mode:

concurrent-reassemblies <max-reassemblies>:
 Configures the maximum number of packets held for reassembly at any time. Default 1024.
disable:Disables NAT reassembly
enable:Enables NAT reassembly
fragments <max-fragments>:
 Maximum number of fragments to reassemble. Default 5.
timeout <seconds>:
 Number of seconds to wait for additional fragments to arrive for reassembly. Default 2 seconds.

To exit NAT reassembly mode:

tnsr(nat_reassembly)# exit
tnsr(config)#