If a packet is fragmented before it arrives on a TNSR interface, only the initial fragment packet contains header information needed to properly apply NAT. Later fragments lack these details, which prevents TNSR NAT from seeing port data. This can lead to fragments being mishandled because TNSR has no way to determine what it should do to these fragments. NAT reassembly works around this problem by holding fragments and reassembling entire packets for inspection, allowing TNSR to properly act upon the full packet.
nat reassembly (ipv4|ipv6) command, available from
config-nat-reassembly mode to configure how NAT fragment reassembly
behaves for either IPv4 or IPv6.
The following commands are available within
- concurrent-reassemblies <max-reassemblies>
Configures the maximum number of packets held for reassembly at any time. Default
Disables NAT reassembly
Enables NAT reassembly
- fragments <max-fragments>
Maximum number of fragments to reassemble. Default
- timeout <seconds>
Number of seconds to wait for additional fragments to arrive for reassembly. Default
To view the current values in the configuration for NAT reassembly, use
tnsr# show nat reassembly NAT Reassembly Parameters ------------------------- Family: ipv4 Enabled : true Timeout : 2 seconds Max Fragments : 5 Max concurrent reassemblies: 1024 Family: ipv6 Enabled : true Timeout : 2 seconds Max Fragments : 5 Max concurrent reassemblies: 1024