Overriding NAT Configuration

About this task

NAT (Network Address Translation) is a technique to modify network address information within IP packet headers in transit. This enables mapping one IP address to another to protect the address credentials of networks managed by a wireless controller, service platform or access point. In typical deployments, NAT is used as an IP masquerading technique to hide private IP addresses behind a single, public-facing IP address.

Put another way, NAT modifies network address information in IP packet headers as they cross a traffic routing device, remapping one IP address to another. In most deployments NAT is used in conjunction with IP masquerading, which hides RFC 1918 private IP addresses behind a single public IP address.

NAT can provide a profile with outbound internet access for wired and wireless hosts connected to a controller, service platform or access point. Many-to-one NAT is the most common NAT technique for outbound internet access. Many-to-one NAT allows a controller, service platform or access point to translate one or more internal private IP addresses to a single, public-facing IP address assigned to a 10/100/1000 Ethernet port or 3G card.

To define or override a NAT configuration that can be applied to a profile:

Procedure

  1. Select Configuration → Devices from the web UI.
    The Device Configuration screen displays a list of managed devices or peer controllers, service platforms, or access points.
  2. Select a target device in the lower left-hand side of the UI.
    You can also select a target device by double-clicking it in the list in the Device Configuration screen.
  3. Select Profile Overrides → Security.
  4. Select NAT.
    The NAT Pool screen displays by default.
    Note

    A blue override icon (to the left of a parameter) defines the parameter as having an override applied. To remove an override, go to the Basic Configuration section of the device and click Clear Overrides. This removes all overrides from the device.
    Figure: Device Overrides - NAT Pool Screen
  5. Review existing NAT policies to determine if a new policy warrants creation or an existing policy warrants modification or deletion. You can select and apply any of these policies to a profile.
  6. Click Add to create a new NAT policy that can be applied to a profile.
    Click Edit to modify or override the attributes of an existing policy, or click Delete to remove obsolete NAT policies from the list of those available to a profile.
    Figure: Device Overrides - Security - NAT Pool Screen
  7. If you are adding a new NAT pool policy or editing the configuration of an existing policy, define the following parameters:
    Name: If you are adding a new NAT policy, provide a name to help distinguish it from others with similar configurations. The length cannot exceed 64 characters.
    IP Address Range: Define a range of IP addresses that are hidden from the public internet. NAT modifies network address information in the defined IP range while in transit across a traffic routing device. NAT only provides IP address translation and does not provide a firewall. A branch deployment that relies on NAT alone will not block traffic from potentially being routed through the NAT device. Consequently, NAT should be deployed with a stateful firewall.
  8. Click + Add Row in the IP Address Range table to append additional rows.
  9. Click OK to save the changes made to the profile's NAT pool configuration.
    Click Reset to revert to the last saved configuration.
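
The following pre-deployment check for planned NAT pool rows is an added example, not part of the product or its documentation. It enforces the 64-character name limit stated above; the "start-end" range notation, the function names, and the RFC 1918 and overlap checks are assumptions of this example.

```python
import ipaddress

# RFC 1918 private blocks (the addresses the text says NAT hides).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAX_NAME_LEN = 64  # name limit stated in the parameter description

def parse_range(text):
    """Parse 'start-end' (assumed notation) into two IPv4Address values."""
    start_s, sep, end_s = text.partition("-")
    if not sep:
        raise ValueError(f"not a start-end range: {text!r}")
    start = ipaddress.IPv4Address(start_s.strip())
    end = ipaddress.IPv4Address(end_s.strip())
    if start > end:
        raise ValueError(f"range start is above its end: {text!r}")
    return start, end

def in_rfc1918(start, end):
    """True when the whole range sits inside a single RFC 1918 block."""
    return any(start in net and end in net for net in RFC1918)

def audit_pool(name, ranges):
    """Return a list of findings for one NAT pool; empty means clean."""
    findings = []
    if not name or len(name) > MAX_NAME_LEN:
        findings.append(f"name must be 1-{MAX_NAME_LEN} characters")
    parsed = []
    for text in ranges:
        try:
            parsed.append((*parse_range(text), text))
        except ValueError as exc:  # also covers malformed addresses
            findings.append(str(exc))
    for start, end, text in parsed:
        if not in_rfc1918(start, end):
            findings.append(f"{text}: not fully inside RFC 1918 space")
    parsed.sort()  # by start address, so overlaps are found in one pass
    for i in range(1, len(parsed)):
        prev = max(parsed[:i], key=lambda r: r[1])  # furthest-reaching row
        if parsed[i][0] <= prev[1]:
            findings.append(f"{prev[2]} overlaps {parsed[i][2]}")
    return findings

# Constructed sample rows, not taken from any real device.
SAMPLE = ["192.168.10.10-192.168.10.50", "192.168.10.40-192.168.10.60",
          "172.32.0.1-172.32.0.9", "10.0.0.9-10.0.0.1"]
if __name__ == "__main__":
    for line in audit_pool("branch-nat-pool", SAMPLE):
        print(line)
```

A clean result only confirms the rows are well formed; as the IP Address Range description states, filtering still has to come from a stateful firewall.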