Profile Overrides - Bridge NAT

About this task

Use Bridge NAT to manage Internet traffic originating at a remote site. In addition to traditional NAT functionality, Bridge NAT provides a means of configuring NAT for bridged traffic through an access point. NAT rules are applied to bridged traffic through the access point, and matching packets are NATed to the WAN link instead of being bridged on their way to the router.

Using Bridge NAT, a tunneled VLAN (extended VLAN) is created between the NoC and a remote location. When a remote client needs to access the Internet, Internet traffic is routed to the NoC, and from there routed to the Internet. This increases the access time for the end user on the client.

To resolve latency issues, Bridge NAT identifies and segregates traffic heading towards the NoC and outwards towards the Internet. Traffic towards the NoC is allowed over the secure tunnel. Traffic towards the Internet is switched to a local WLAN link with access to the Internet.
Note

Note

Bridge NAT supports single AP deployments only. This feature cannot be used in a branch deployment with multiple access points.

To override an access point profile's Bridge NAT configuration:

Procedure

  1. Go to Configuration → Devices → Device Overrides.

    The Device Overrides screen displays. This screen lists devices within the managed network.

  2. Select an access point.

    The selected access point's configuration menu displays.

  3. Expand Profile Overrides → Security and select Bridge NAT.

    The Bridge NAT configuration screen displays.

    Click to expand in new window
    Profile Overrides - Bridge NAT Configuration - Main Screen
    GUID-FF0A5ADA-01D3-42DB-99CB-1332F68B8784-low.png
  4. Review the following to determine whether a new Bridge NAT configuration requires creation or an existing configuration modified or removed:

    Access List

    Lists the ACL applying IP address access/deny permission rules to the Bridge NAT configuration.

    Interface

    Lists the communication medium (outgoing layer 3 interface) between source and destination points. This is either the access point's pppoe1 or wwan1 interface or the VLAN used as the redirection interface between the source and destination.

    NAT Pool

    Lists the names of existing NAT pools used with the Bridge NAT configuration. This displays only when the Overload Type , in the Bridge NAT configuration, is set to NAT Pool.

    Overload IP

    Lists the IP address used globally for numerous local addresses.

    Overload Type

    Lists the overload type used with the listed IP ACL rule. Displays as either NAT Pool, One Global Address or Interface IP Address.

    ACL Precedence

    Lists the administrator assigned priority set for the ACL. The lower the value, higher is the priority assigned to the ACL rules.

  5. To override an existing Bridge NAT configuration, select it from the displayed list and click Edit.

    To create a new Bridge NAT configuration, click Add. To delete an obsolete configuration, select it and click Delete.

    The Dynamic NAT configuration window displays.

    Click to expand in new window
    Profile Overrides - Bridge NAT - Add/Edit Dynamic NAT Window
    GUID-6DBB564A-312F-465C-BA7A-C8287B1F7EAE-low.png
  6. Use the Access List drop-down menu to select and apply an ACL to the policy based forwarding rule.

    A new ACL can be defined by selecting the Create icon, or an existing set of IP ACL rules can be modified by selecting the Edit icon.

  7. In the IP Address Range table, review the existing IP addresses and address ranges configured to access the Internet.

    Interface

    Lists the outgoing layer 3 interface on which traffic is re-directed. The interface can be an access point WWAN or PPPoE interface. Traffic can also be redirected to a designated VLAN.

    NAT Pool

    Displays the NAT pool used by this Bridge NAT entry. A value is only displayed only when Overload Type has been set to NAT Pool.

    Overload IP

    Lists the IP address used to represent a large number local addresses for this configuration.

    Overload Type

    Displays the override type for this policy based forwarding rule.

  8. Select + Add Row to set new IP Address Range settings for the Bridge NAT configuration.

    The Add Row window displays.

    Click to expand in new window
    Bridge NAT - Dynamic NAT - Add IP address and Address Configuration Window
    GUID-1A2AE517-4698-4421-830E-64839D2B280E-low.png
  9. Select OK to save the Add Row and Dynamic NAT screens.

    Select Reset to revert to the last saved configuration.