Avaya BSGX4e User's Guide Page 134
- Page / 456
- Table of contents
- TROUBLESHOOTING
- BOOKMARKS
Rated. / 5. Based on customer reviews
134 BSGX4e Business Gateway User Guide
NN47928-102 Release 01.01
NAT/ALG
Network Address Translation (NAT) provides security by hiding the internal addresses
of the private network from the Internet: addresses and/or ports are translated
from private IP addresses to public IP addresses, and vice versa.
The BSGX4e device can do both standard and reverse NAT:
Standard NAT (also known as Network Address Port Translation [NAPT])
Standard NAT translates the source IP address of the LAN to the public WAN IP
address. It also changes the source port (for UDP and TCP protocols) or the ICMP
identifier. These translations allow several LAN devices to be connected to the
WAN through one public IP address.
Reverse NAT (also known as Redirection)
Reverse NAT forwards traffic and translates addresses between a private IP
address and a public IP address. This allows a server in the LAN to be accessed
from the Internet (using address forwarding or port forwarding).
The BSGX4e device also supports the Application Layer Gateway (ALG). The ALG
enables the transfer of FTP or TFTP traffic through firewall policies and NAT. This is
done by creating dynamic holes in the firewall policy and changing IP addresses in
application protocol headers. To enable ALG, see “ALG Configuration” (page 140).
Configuring NAT
The NAT policy types on the BSGX4e allow for the following configuration:
Static NAT (also known as inbound mapping)
One, and only one, public IP address is mapped to one private IP address. Static
NAT supports strict translation: only one device on the private network can be
recognized through the public IP address on the Internet.
NAT address forwarding forwards a flow from the WAN side that is directed to a
public address; it changes the destination IP address to a matching LAN address.
NAT port forwarding forwards the flow from the WAN side that is directed to a
specific public IP address and port, changing the destination IP address and port
to the configured destination IP address and port of the LAN device. NAT port
forwarding supports NAT overload. Use of multiple ports enables one public IP
address to serve multiple hosts on the private network.
To use NAT, the following configuration steps are required:
1. Verify that NAT is enabled on the WAN interface. (It is initially enabled on eth0.)
2. Configure NAT public addresses and policies as needed for each address and port
translation.
3. Configure firewall security policies that reference the NAT policies (see “Security
Policy Configuration Command” (page 131)).
For specific steps and examples, see “Port Forwarding” (page 137), “Address
Forwarding” (page 138), and “Static NAT Forwarding” (page 138).
- Business Gateway 1
- Trademarks 2
- Hardware Notice 2
- ABOUT THIS GUIDE 3
- CONNECTING TO THE DEVICE 3
- INITIAL SETUP 4
- USER MANAGEMENT 4
- COMMAND INTERFACE 5
- WAN INTERFACE CONFIGURATION 5
- LAN SWITCH CONFIGURATION 5
- VLAN CONFIGURATION 6
- ROUTING CONFIGURATION 6
- SECURITY CONFIGURATION 7
- VPN CONFIGURATION 7
- GOS CONFIGURATION 8
- MGCP CONFIGURATION 9
- VOIP CONFIGURATION 9
- LOCAL CALL ROUTING 10
- SIP CONFIGURATION 10
- VOIP SERVICES AND RELAYS 11
- MONITORING 12
- MONITORING TOOLS 12
- SOFTWARE UPGRADES 13
- WEB USER INTERFACE 13
- THIRD PARTY SOFTWARE 14
- SSH FUNCTIONALITY 14
- TCPDUMP EXPRESSIONS 14
- STANDARDS COMPLIANCE 14
- RULE COMPLIANCE 14
- COPYRIGHT INFORMATION 15
- GLOSSARY 15
- Audience 23
- Organization 23
- Conventions 25
- Documentation 26
- How to get help 26
- About This Guide 27
- ONNECTING 29
- Device Features 30
- Connecting to the Device 31
- Connecting to the Unit 32
- Telnet Access 34
- Telnet Configuration Example 35
- Show Telnet Configuration 35
- Telnet Client Command 35
- Telnet Session Example 35
- SSH Server 36
- SSH Example 37
- Show SSH Configuration 37
- Regenerate SSH keys 37
- Web Server 38
- Disable Web Server Example 39
- Show Web Server Configuration 39
- Show Web Server Statistics 40
- SSL Key Command 41
- SSL CSR Command 41
- SSL Certificate 42
- SSL Configuration Example 43
- Show SSL Configuration 43
- Setting the Time 47
- SNTP Configuration Command 48
- SNTP Client Example 48
- Show SNTP Configuration 48
- Watchdog Reset Timer 49
- DNS Client 50
- Initial Setup 51
- Initial Settings 52
- ANAGEMENT 57
- Password Entry 58
- Changing a Password 59
- Showing Active Users 60
- User Accounts 61
- Add User Account Example 63
- Show User Account 63
- Deleting a User Account 63
- User Groups 64
- Add User Group Example 65
- Show a User Group 65
- Deleting a User Group 65
- User Rights 66
- Configuration Command 67
- Add User Rights Example 67
- Radius Authentication 68
- Configuration Requirements 69
- Configuration Steps 69
- Radius Authentication Records 69
- TACACS+ Authentication 71
- User Management 73
- Logging Off 78
- Saving Configuration Changes 79
- Showing the Configuration 80
- Defining Auto Run Commands 80
- Online Help 81
- Interactive Mode 82
- CLI Command Syntax 83
- Parameter Values 84
- Command Keyword NO 84
- Command Keyword ALL 85
- Maintenance Commands 86
- Command Interface 87
- Debug Commands 88
- WAN Interface (eth0) 92
- WAN Interface Configuration 93
- Show eth0 Configuration 94
- Clear Statistics 95
- Example 1 98
- Example 2 98
- Show Port Configuration 99
- Show Port Status 99
- Show Port Statistics 100
- Release 01.01 NN47928-102 101
- LAN Switch Configuration 101
- Detailed Port Statistics 101
- Clear Port Statistics 101
- LAN Interface (eth1) 102
- Show eth1 Configuration 103
- ARL Configuration 104
- Show ARL Table 105
- Layer 2 QoS 106
- Priority Queues 107
- NN47928-102 Release 01.01 108
- ONFIGURATION 111
- Packet Tagging 112
- VLAN Port Assignment Command 112
- VLAN Port Assignment Examples 112
- Show VLAN Port Assignments 113
- Delete VLAN Port Assignment 113
- Configuring a VLAN Interface 114
- VLAN IP Address Assignment 115
- *> show interface ip vif0 116
- Modifying or Deleting a VLAN 117
- VLAN Deletion Example 118
- VLAN Configuration 119
- Configuring ARP 122
- Delete ARP Entry 123
- Flush ARP Table 123
- Protecting ARP Traffic 123
- Configuring Static Routes 124
- Static Route Examples 125
- Show Route Table 125
- Starting the RIP Daemon 126
- RIP Daemon Example 127
- Show RIP Status 127
- Show RIP Routes 127
- Firewall Security Policies 130
- Security Configuration 131
- Show Firewall Log Entries 132
- Connection Time-outs 133
- Configuring NAT 134
- Configuring NAT Policies 135
- Port Forwarding 137
- Address Forwarding 138
- Static NAT Forwarding 138
- Show NAT Policies 139
- ALG Configuration 140
- Attack Types 141
- Packet Anomaly Protection 141
- Fragment Anomaly Activation 142
- Flood Protection 143
- Flood Detection Activation 144
- Setting Flood Thresholds 145
- Scan Protection 146
- Spoof Protection 147
- IDS Spoof Command 148
- IDS Spoof Example 148
- IDS Statistics 149
- Clear IDS Statistics 150
- Show IDS Log Entries 150
- Configuration Elements 154
- IKE Policies 155
- IKE Lifetime Parameters 155
- IKE Preshared Key Records 156
- Show IKE Statistics 158
- IPsec Parameters 159
- IPsec Proposals 160
- IPsec Policies 160
- VPN Configuration 161
- IPsec Policy Requirements 161
- VPN Configuration Examples 163
- ISP Tunnel Example 166
- Configuring the ISP Gateway 167
- Configuring a VPN 169
- Figure 7 Flow types 173
- VPN support on BSGX4e 174
- Configuration of Cisco 176
- Troubleshooting on BSGX4e 177
- Quality Groups 182
- GoS Classes 182
- Traffic Policing 183
- CAR Policing 184
- Configuring GoS 185
- Configuring a GoS Link 186
- Configuring Quality Groups 187
- Quality Group Command 188
- Quality Group Examples 189
- Show Quality Groups 190
- Delete a Quality Group 190
- VoIP Traffic Protection 191
- ARP Traffic Protection 191
- GoS Security Policy Examples 192
- GoS Statistics 193
- Quality Group Statistics 194
- Instantaneous Statistics 195
- Configuring QoS 197
- GoS Configuration 199
- Configuring Layer 2 QoS 201
- Example for port 1: 203
- Configuring Layer 3 QoS 204
- IICAD40CAD40 210
- SIP Servers 210
- MGCP Servers 210
- MGCP Gateway 211
- MGCP Configuration Steps 211
- MGCP Call Servers 212
- MGCP Server Profile Examples 213
- Show Server Settings 214
- Delete MGCP Server Profile 214
- Show MGCP Server Status 214
- MGCP Configuration 215
- MGCP Signaling Proxy (MSP) 216
- Show MGCP Call Statistics 219
- CA Port 221
- Act Calls 221
- Timeout 221
- Configuring the MGCP Gateway 223
- Configuration Restraints 224
- MGCP Gateway Example 225
- Show MGCP Gateway Status 226
- Show Media Stream Status 226
- MGCP Endpoints 227
- Media Settings Example 230
- Show Media Settings 230
- Show Media Status 230
- Access Control List (ACL) 232
- Access Control List Command 233
- ACL Entry Example 233
- Show ACL 234
- Show CDP Entry 234
- Show CDP Neighbors 235
- Call Admission Control (CAC) 236
- Show Call Admission Settings 237
- FXS Port Configuration 238
- VoIP Configuration 239
- Country Code Setting Example 239
- Show Country Code 239
- Jitter Buffer Settings 240
- Call Progress Tones 241
- Re-configure Tones 242
- Configuration Example 242
- DSP Gain Settings 243
- Line Impedance Settings 243
- Electrical Status 244
- Line Fault Testing 245
- Resistance Tests 246
- Monitored Calls 248
- VQM Analyser Command 249
- VQM Analyser Example 250
- Show VQM Call Summary 250
- Voice Quality Statistics 251
- Alarm Log Entries 252
- Alarm Statistics 252
- Call Records 253
- Show Call History 254
- VoIP Service Interruption 255
- Local Call Routing (LCR) Mode 256
- LCR Settings 257
- LCR Settings Command 258
- Show Gain Settings 260
- FxO Line Impedance Settings 260
- Local Call Routing 261
- Show FxO Impedance Settings 261
- Show LCR Status 262
- Show LCR Connections 262
- SIP Gateway 265
- SIP Configuration Steps 265
- SIP Call Server Access 266
- SIP Server Profile Command 267
- SIP Server Profile Examples 267
- Show SIP Server Settings 269
- Delete SIP Server Profile 270
- Show SIP Server Status 270
- SIP Session Controller 271
- SIP Signaling Proxy (SSP) 272
- SIP Configuration 273
- Show SIP Signaling Statistics 274
- Show SIP Call Statistics 275
- Show SIP Call Records 276
- Show Registered Endpoints 276
- SIP Gateway Settings Command 279
- SIP Gateway Settings Example 279
- SIP Gateway Configuration 280
- Media Stream 283
- Numbering Plan Command 284
- Numbering Plan Entry Examples 285
- Show Numbering Plan 287
- SIP Endpoints 288
- Verify Endpoint Registration 289
- IP Address Change 289
- Configuring SIP 290
- Step 5-Make calls 302
- DHCP Server 309
- VoIP Services and Relays 311
- DHCP Relay 312
- DNS Relay 313
- DNS Relay Example 314
- Show DNS Relay Settings 314
- Show DNS Sessions 314
- Show DNS Relay Cache 314
- SNTP Relay 315
- TFTP Relay 316
- TFTP Relay Settings Example 317
- Show TFTP Relay Settings 317
- Show TFTP Sessions 317
- TFTP File Cache 318
- TFTP Cache Example 319
- Show TFTP Cache Contents 319
- Delete Files to be Cached 320
- Clear TFTP Cache 320
- ONITORING 321
- Show Hardware Information 322
- Show System Status 322
- Show System Operation Summary 323
- Audit Logging 324
- Module Logging 325
- Logging Level Command 326
- Mapping Log Destinations 327
- Log Destination Map Examples 328
- Show Log Destination Map 328
- Show Module Log Entries 329
- Configure Log Server 329
- Ethernet Interface Statistics 331
- IP Stack Statistics 331
- IP Statistics 332
- ICMP Statistics 333
- UDP Statistics 335
- TCP Statistics 335
- 0 Checksum Error 0 336
- Monitoring 337
- Protocol Monitoring (PMON) 340
- Enable PMON Command 341
- PMON Trace Command 341
- PMON Configuration Example 342
- Show PMON Status 342
- Show PMON Traces 342
- Netflow Exporter 343
- Netflow Exporter Command 344
- Netflow Filter Command 345
- Netflow Configuration Example 345
- Show Netflow Status 346
- Show Netflow Filters 346
- Show Netflow Statistics 346
- Clear Netflow Statistics 346
- SNMP Agent 347
- SNMP Community Command 348
- Show SNMP Agent Configuration 349
- Show SNMP Agent Statistics 349
- Clear SNMP Statistics 351
- SNMP Traps 351
- TCPdump Command 352
- Monitoring Tools 353
- Limited Capture Example 354
- Ping Command 355
- Traceroute Command 356
- Traceroute Example 357
- File System 359
- File System Management 360
- Software Upgrades 361
- Software Upgrade Procedures 362
- Web UI Upgrade Procedure 363
- View Bootloader Version 369
- Restore the Configuration 369
- SFTP Upgrade Procedure 371
- Listing the Configuration 374
- NTERFACE 379
- Web UI Features 380
- Logging on to the Web UI 380
- Access Requirements 381
- Log on Procedure 381
- Web UI Screen Structure 382
- Operations Menu 383
- Web UI Menus 384
- Web User Interface 385
- Monitoring Example 390
- Wizards Example 391
- Exit Web UI 396
- Software Applications 399
- UNCTIONALITY 401
- Authentication 402
- Service Functions 403
- SSH System Architecture 404
- SSH-AUTH 405
- SSH-CONNECTION 405
- XPRESSIONS 407
- TCPdump Expressions 409
- TANDARDS 411
- OMPLIANCE 411
- Security 412
- Quality of Service 412
- Services 413
- Voice Standards 414
- MGCP Session Controller 415
- Standards Compliance 417
- Declaration of Conformity 420
- Supplementary Information 421
- OPYRIGHT 423
- NFORMATION 423
- Copyright Information 425
- Glossary 431
- WinSCP3 399 455
- X509 CSR 41 455
Related products and manuals for Routers Avaya BSGX4e
Routers Avaya Passport ARN Routers User Manual
(166 pages)
(166 pages)
Routers Avaya BCC Quick Start Guide
(4 pages)
(4 pages)
Routers Avaya FireWall-1 User Manual
(56 pages)
(56 pages)
Routers Avaya BSG8/12 1.0 User Manual
(862 pages)
(862 pages)
Routers Avaya C360 User Manual
(238 pages)
(238 pages)
Routers Avaya P460 User Manual
(96 pages)
(96 pages)
Routers Avaya P114F User Manual
(14 pages)
(14 pages)
Routers Avaya M15-155 User Manual
(14 pages)
(14 pages)
Routers Avaya P460 User Manual
(224 pages)
(224 pages)
© 2020, manymanuals.com. All rights reserved. | 1.764 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals