Contents - Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- System overview
- Accessing the CLI
- CS interface
- Precautions
- Typographical conventions used in this document
- Mouse conventions
- Warranty Service and Returned Merchandise Authorizations (RMAs)
- Introduction
- SmartWare embedded software
- Applications
- Enterprise networks
- LAN telephony
- Configuration concepts
- Contexts and Gateways
- Interfaces, Ports, and Bindings
- Profiles and Use commands
- Command line interface (CLI)
- Command modes
- Navigating the CLI
- Command history
- Accessing the SmartWare CLI task list
- Accessing via the console port
- Telnet Procedure
- Selecting a secure password
- Password encryption
- Creating an administrator account
- Switching to another account
- Command index numbers
- Ending a Telnet or console port session
- System image handling
- Memory regions in SmartWare
- Configuration file
- Displaying system image information
- Upgrading the software directly
- Auto provisioning of firmware and configuration
- Boot procedure
- Factory configuration
- Configuration file handling
- Configuration file handling task list
- Remote memory regions for SmartWare
- Use Cases
- Basic system management
- Basic system management configuration task list
- Setting system information
- Setting the system banner
- Setting time and date
- Display time since last restart
- Restarting the system
- Controlling command execution
- Timed execution of CLI command
- RADIUS Client Configuration
- Authentication procedure with a RADIUS server
- RADIUS configuration
- Attributes in the RADIUS request message
- Attributes in the RADIUS accept message
- IP context overview
- IP context and related elements
- IP context overview configuration task list
- Planning your IP configuration
- Configuring NAPT
- Configuring access control lists
- IP interface configuration
- Creating an IP interface
- IP interface configuration task list
- Setting the IP address and netmask
- ICMP message processing
- Displaying IP interface information
- Displaying dynamic ARP entries
- Debug ARP
- Configuring the IGMP Proxy
- NAT/NAPT
- Dynamic NAPT
- Static NAPT
- Static NAT
- NAT/NAPT configuration task list
- Preserving TCP/UDP port numbers in NAPT
- Activate NAT/NAPT
- Ethernet port configuration
- Ethernet port configuration task list
- Multiple IP addresses on Ethernet ports
- Adding a receive mapping table entry
- Adding a transmit mapping table entry
- Using the built-in Ethernet sniffer
- Link scheduler configuration
- Applying scheduling at the bottleneck
- Introduction to Scheduling
- Burst tolerant shaping or wfq
- Quick references
- Command cross reference
- Packet classification
- Creating an access control list
- Specifying differentiated services codepoint (DSCP) marking
- Specifying layer 2 marking
- Discarding Excess Load
- Displaying link arbitration status
- Serial port configuration
- Serial port configuration task list
- Enter Frame Relay mode
- Enabling fragmentation
- Binding the Frame Relay PVC to IP interface
- IP interface wan is bound to PVC 1 on port serial 0 0
- Enabling a Frame Relay PVC
- Debugging Frame Relay
- Displaying serial port information
- Integrated service access
- IP Context with logical IP interfaces bound to Ethernet port, serial port PVC 1 and PVC 2
- T1/E1 port configuration
- Enable/Disable T1/E1 port
- T1/E1 port configuration task list
- Create a Channel-Group
- Example 1: Frame Relay without a channel-group
- Example 2: Framerelay with a channel-group
- DSL Port Configuration
- Configuration Summary
- Setting up permanent virtual circuits (PVC)
- Diagnostics
- Basic IP routing configuration
- Routing tables
- Basic IP routing configuration task list
- Deleting static IP routes
- Examples
- Changing the default UDP port range for RTP and RTCP
- RIP configuration
- Routing protocol
- RIP configuration task list
- Enabling an interface to receive RIP
- Specifying the receive RIP version
- Enabling RIP announcing
- Enabling RIP auto summarization
- Enabling RIP split-horizon processing
- Enabling holding down aged routes
- Displaying global RIP information
- Access control list
- About access control lists
- Features of access control lists
- Access control list configuration task list
- SNMP configuration
- Simple Network Management Protocol (SNMP)
- SNMP management information base (MIB)
- SNMP tools
- Setting access community information
- Setting allowed host information
- Displaying SNMP related information
- Using the MibBrowser
- Using the TrapViewer
- AdventNet Trap Details window of TrapViewer
- Standard SNMP version 1 traps
- SNMP interface traps
- SNTP client configuration
- SNTP client configuration task list
- Enabling and disabling the SNTP client
- Enabling and disabling local clock offset compensation
- Showing SNTP client related information
- Recommended public SNTP time servers
- Additional information on NTP and a list of other NTP servers
- DHCP configuration
- DHCP-client configuration tasks
- Release or renew a DHCP lease manually (advanced)
- DHCP-server configuration tasks
- Get debug output from the DHCP-server
- DNS configuration
- Enabling the DNS resolver
- DNS configuration task list
- DynDNS configuration
- Creating a DynDNS account
- DynDNS configuration task list
- Troubleshooting
- PPP configuration
- PPP configuration task list
- Creating a PPP subscriber
- Trigger forced reconnect of PPP sessions using a timer
- Debugging PPP
- Sample configurations
- PPP over serial link
- VPN configuration
- Authentication
- Transport and tunnel modes
- VPN configuration task list
- Debugging IPsec
- Key management (IKE)
- Policy matching
- Encrypted Voice - Performance considerations
- Using an alternate source IP address for specific destinations
- IPsec tunnel, 3DES encryption at 192 bit key length, ESP authentication with HMAC-MD5-96
- CS context overview
- CS context configuration task list
- Planning the CS configuration
- Configuring general CS settings
- Configuring call routing
- Creating and configuring CS interfaces
- Configuring dial tones
- Configuring ISDN ports
- Activating CS context configuration
- SmartNode in an Enterprise network
- Planning the CS context
- CS interface configuration
- CS interfaces on the CS context
- Configuring the interface mapping tables
- Incoming call passing an interface mapping table
- Configuring the precall service tables
- ISDN interface configuration
- ISDN interfaces on the CS context
- ISDN interface configuration task list
- Disabling call-waiting on ISDN DSS1 network interfaces
- Enabling Display Information Elements on ISDN Ports
- Enable sending of date and time on ISDN DSS1 network interfaces
- ISDN Advice of Charge support
- ISDN DivertingLegInformation2 Facility
- Configuring an alternate PSTN profile (optional)
- FXS supplementary services description
- Command Summary
- FXS interface configuration task list
- FXO interface configuration
- FXO interfaces on the CS context
- FXO services description
- Deleting an FXO interface
- FXO interface configuration task list
- FXO Mute dialing
- FXO interface examples
- H.323 interface configuration
- H.323 interfaces on the CS context
- H.323 interface configuration task list
- Enabling 'early-proceeding' on H.323 interfaces
- Enabling the via address support (optional)
- Enabling or disabling overlapped sending support in H.323
- SIP interface configuration
- SIP interfaces on the CS context
- SIP interface configuration task list
- Mapping call-control properties to SIP headers
- Enabling support for SIP remote-party-id headers
- SIP REFER Transmission (& ISDN Explicit Call Transfer support)
- SIP Diversion Header
- Receive Direction
- AOC Over SIP
- Call router configuration
- Direct call routing vs. advanced call routing
- Call router configuration task list
- Enable advanced call routing on circuit interfaces
- ISDN number types
- Create a routing table
- Called party number routing table
- Wildcard symbols used as keys in E.164 tables (calling-e164, called-e164)
- Digit Collection
- Digit Collection Variants
- Calling party number routing table
- Numbering plan routing table
- Name routing table
- URI routing table
- Screening Indicator Routing Table
- Information transfer capability routing table
- Call-router support for redirecting number and redirect reason
- Time of day routing table
- Deleting routing tables
- Mapping table outline
- Mapping table types
- Mapping table examples
- E.164 to E.164 Mapping Tables
- Custom SIP URIs from called-/calling-e164 properties
- Deleting mapping tables
- Creating complex functions
- Deleting complex functions
- Digit collection & sending-complete behavior
- Call-Router
- Egress Interface
- Creating call services
- Hunt group service
- Hunt group drop causes
- Creating a distribution group service
- Distribution group service examples
- Distribution-Group Min-Concurrent setting
- Priority service
- Priority service diagram
- CS Bridge service—'VoIP Leased Line
- Bridge services diagram
- Deleting call services
- Call routing example network
- CS context and call router elements
- Tone configuration
- Tone-set profiles
- ISDN port configuration
- ISDN reference points
- ISDN UNI Signaling
- Integration of ISDN access lines
- ISDN Configuration Concept
- Description
- ISDN port configuration task list
- Enabling PSS1/Q.SIG
- Show ISDN port status
- PBX connected to ISDN port 1/0
- FXS port configuration
- Bind FXS ports to higher layer applications
- Other FXS port parameters
- FXO port configuration
- Configure country specific FXO port parameters
- H.323 gateway configuration
- Gateway configuration task list
- Enabling H.245 Tunneling
- Enabling the fastconnect procedure
- Changing the TCP port for inbound call-signaling connections
- Setting the connect timeout
- Advanced configuration options (optional)
- SIP gateway configuration
- Binding the gateway to an IP interface
- Enable the Gateway
- Automatic detection of the NAT IP address for SIP
- Enable the session timer (optional)
- Initiating a new SIP session for redirected SIP calls
- Changing the SIP transaction timeout
- SIP Multicast Registration
- Default Server
- VoIP profile configuration
- VoIP profile configuration task list
- DTMF Relay
- Jitter and dejitter buffer
- Adaptive versus static dejitter buffer
- Fax relay and Fax bypass
- T.38 CED retransmission
- Fax bypass method
- Modem bypass method
- Soft phone client gateway
- PSTN profile configuration
- PSTN profile configuration task list
- VoIP debugging
- Debugging strategy
- Filtering debug monitor output
- Debugging call signaling
- Verify an incoming call
- Verify an outgoing call
- Verify ISDN layer 1,2,3 status
- Debugging FXS Signaling
- Debugging H.323 Signaling
- Debugging SIP signaling
- Using SmartWare's internal call generator
- Debugging voice data
- Check system logs
- SmartWare architecture terms and definitions
- B Mode summary
- Mode overview, 1 of 3
- Mode Overview, 2 of 3
- Mode Overview, 3 of 3
- EBNF syntax
- New Configuration Commands
- D Internetworking terms & acronyms
- Abbreviations
- Used IP ports
- Available voice codecs
|
NAT/NAPT configuration task list 128SmartWare Software Configuration Guide 11 • NAT/NAPT configurationUse no in front of the above commands to delete a specific entry or the whole profile.Note The command icmp default is obsolete.Example: Creating a NAPT ProfileThe following example shows how to create a new NAPT profile access that contains all settings necessary toimplement the examples in section “Introduction” on page 124.node(cfg)#profile napt accessnode(pf-napt)[access]#range 192.168.1.10 192.168.1.19 131.1.1.2node(pf-napt)[access]#static tcp 192.168.1.20 80node(pf-napt)[access]#static tcp 192.168.1.20 23 131.1.1.3node(pf-napt)[access]#range 192.168.1.30 192.168.1.39 131.1.1.10 131.1.1.15node(pf-napt)[access]#static 192.168.1.40 131.1.1.20node(pf-napt)[access]static ah 192.168.1.41 131.1.1.120Configuring a NAPT DMZ hostThe NAPT allows a DMZ host to be configured, which receives any inbound traffic on the global NAPTinterface, which:• Is not translated by any static or dynamic NAPT entry and• Is not handled by the device itself.The following procedure shows how a DMZ host can be configured.Mode: profile napt Defining NAPT port rangesThe TCP/UDP port ranges to be used by the NAPT can be defined using the following procedure. The defaultport ranges for both TCP/UDP are 8000 to 15999.5(optional)node(pf-napt)[name]#staticlocal-ip global-ipCreates a Static NAT entry:local-ip is mapped toglobal-ip .(max. 20 entries)6(optional)node(pf-napt)[name]#static{ ah|esp|gre|ipv6 }local_ip[global_ip ].Creates a static NAT entry: traffic of the IP protocolAH, ESP, GRE, or IPv6 respectively directed to theglobal_ip is forwarded to thelocal_ip.Step Command Purpose1 [name] (pf-napt)[pf-name]# [no]dmz-host []Configures a DMZ host. The global-ip-address mustonly be specified, if the DMZ host shall handle theinbound traffic for a different NAPT global IPaddress than the gateways global interface IPaddress.Step Command Purpose
|
