Profile Overrides - NAT Pool

About this task

NAT (Network Address Translation) is a technique to modify network address information within IP packet headers in transit. This enables mapping one IP address to another to protect wireless controller, service platform or access point managed network address credentials. With typical deployments, NAT is used as an IP masquerading technique to hide private IP addresses behind a single, public facing, IP address.

Additionally, NAT is a process of modifying network address information in IP packet headers while in transit across a traffic routing device for the purpose of remapping one IP address to another. In most deployments NAT is used in conjunction with IP masquerading which hides RFC1918 private IP addresses behind a single public IP address.

NAT can provide a profile outbound internet access to wired and wireless hosts connected to a controller, service platform or access point. Many-to-one NAT is the most common NAT technique for outbound internet access. Many-to-one NAT allows a controller, service platform or access point to translate one or more internal private IP addresses to a single, public facing, IP address assigned to a 10/100/1000 Ethernet port or 3G card.

Note

Note

The wiNG 7.1 release does not support NAT on AP505 and AP510 model access points. This feature will be supported in future releases.

To override an access point profile's NAT configuration:

Procedure

  1. Go to Configuration → Devices → Device Overrides.

    The Device Overrides screen displays. This screen lists devices within the managed network.

  2. Select an access point.

    The selected access point's configuration menu displays.

  3. Expand Profile Overrides → Security and select NAT.

    The NAT Pool screen displays by default. This screen lists the NAT policies that have been created thus far. Any of these policies can be selected and applied to a profile.

    Note

    Note

    A blue override icon (to the left of a parameter) defines the parameter as having an override applied. To remove an override go to the Basic Configuration section of the device and click Clear Overrides. This removes all overrides from the device.

    Click to expand in new window
    Profile Overrides - Security - NAT Pool Main Screen
    GUID-D705511E-E4C2-4D30-B11F-FD0F8B87A5A3-low.png
  4. To modify an existing NAT policy, select it and click Edit.

    To create a new NAT policy, click Add. To delete an obsolete NAT policy, select it and click Delete.

    The NAT Pool window displays.

    Click to expand in new window
    NAT Configuration - Add/Edit NAT Pool Window
    GUID-6EA8F17D-2C05-4690-B1F7-33AA8845BF3B-low.png
  5. If adding a new NAT policy, in the Name field, provide a name to help distinguish it from others with similar configurations.
  6. In the IP Address Range table, click + Add Row and define a range of IP addresses.

    The IP addresses defined here are hidden from the public internet. NAT modifies network address information in the defined IP range while in transit across a traffic routing device. NAT only provides IP address translation and does not provide a firewall. A branch deployment with NAT by itself will not block traffic from potentially being routed through a NAT device. Consequently, NAT should be deployed with a stateful firewall.

    Start IP

    Enter the first IP address in the range

    End IP

    Enter the last IP address in the range.

  7. Click OK to save the NAT pool configuration changes.

    Click Reset to revert to the last saved configuration.