nat alg (NAT instance view)

Function

The nat alg command enables the NAT application level gateway (ALG) function to monitor specified application protocols.

The undo nat alg command disables NAT ALG from monitoring application protocols.

By default, NAT ALG for ICMP is enabled.

This command is supported only on the NetEngine 8000 F1A.

Format

nat alg { dns | ftp [ rate-threshold rate-threshold-value ] | pptp | rtsp | sip | all | sip separate-translation }

undo nat alg { dns | ftp [ rate-threshold [ rate-threshold-value ] ] | pptp | rtsp | sip | all | sip separate-translation }

Parameters

| Parameter | Description | Value |
|---|---|---|
| dns | Enables NAT ALG for DNS. | - |
| ftp | Sets the NAT ALG rate at which FTP packets are sent. | - |
| rate-threshold rate-threshold-value | Enables NAT ALG for FTP. NAT ALG does not support SFTP or FTPS. | The value is an integer ranging from 64 to 15000, in packets/second. |
| pptp | Enables NAT ALG for PPTP. | - |
| rtsp | Enables NAT ALG for RTSP. | - |
| sip | Enables NAT ALG for SIP. | - |
| all | Enables NAT ALG for all protocols. | - |
| separate-translation | Specifies that the SIP control channel and data channel match an address-based NAT server separately in the NAT instance view for NAT. | - |

Views

NAT instance view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
|---|---|
| nat | write |

Usage Guidelines

Usage Scenario

NAT translates only the IP addresses contained in user data packets and the port information in the TCP/UDP headers of those packets. For special protocols such as FTP, the Data field of a packet can also contain IP address or port information. If that information is not translated, it becomes inconsistent with the translated headers and errors occur. The ALG function solves this NAT issue for these special protocols. As a special conversion agent for application protocols, the ALG interacts with the NAT device to establish states. It uses NAT state information to change the specific data in the Data field of IP packets and to complete other necessary work, so that application protocols can run across internal and external networks.
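
The FTP case described above, modeled in Python as an added example (it is not Huawei code and does not run on the device): it rewrites the endpoint embedded in a PORT command or 227 reply and shows that an encrypted control channel passes through untouched. The function names, the nat_table mapping and all sample data are assumptions constructed for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 endpoint carried in the FTP PORT command and 227 reply (RFC 959).
HOSTPORT = re.compile(rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_hostport(match):
    """Return (ip, port) from a HOSTPORT match, or None if a field exceeds 255."""
    nums = [int(g) for g in match.groups()]
    if max(nums) > 255:
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def encode_hostport(ip, port):
    """Encode (ip, port) back into the h1,h2,h3,h4,p1,p2 form."""
    return f"{ip.replace('.', ',')},{port >> 8},{port & 0xFF}".encode()

def alg_rewrite(line, nat_table):
    """Rewrite the endpoint embedded in one FTP control-channel line.

    nat_table (hypothetical) maps (private_ip, private_port) to
    (public_ip, public_port). Returns (new_line, length_delta). Lines that
    carry no endpoint, or an endpoint with no mapping, pass through unchanged.
    """
    if not (line[:5].upper() == b"PORT " or line.startswith(b"227 ")):
        return line, 0
    match = HOSTPORT.search(line, 4)
    endpoint = decode_hostport(match) if match else None
    mapped = nat_table.get(endpoint)
    if mapped is None:
        return line, 0
    new_line = line[:match.start()] + encode_hostport(*mapped) + line[match.end():]
    # A non-zero delta changes the TCP payload length, so a real ALG must also
    # adjust sequence/acknowledgement numbers for the rest of the session.
    return new_line, len(new_line) - len(line)

# Constructed sample data (documentation address ranges).
NAT_TABLE = {("192.168.1.10", 5001): ("203.0.113.7", 40000)}
ACTIVE = b"PORT 192,168,1,10,19,137\r\n"
PASSIVE = b"227 Entering Passive Mode (192,168,1,10,19,137).\r\n"
ENCRYPTED = b"\x17\x03\x03\x00\x1a" + bytes(26)  # TLS record, as on an FTPS control channel

if __name__ == "__main__":
    for sample in (ACTIVE, PASSIVE, ENCRYPTED):
        print(alg_rewrite(sample, NAT_TABLE))
```

The encrypted sample comes back unchanged because the payload cannot be parsed, which is consistent with the statement in the parameter table that NAT ALG does not support SFTP or FTPS.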

Configuration Impact

After ALG is enabled in the NAT instance view, traffic of the specified application protocols in a specified NAT instance can be processed by ALG.

Precautions

After ALG is enabled, it takes effect only for new sessions, not for existing sessions. To apply ALG to existing sessions, run the reset nat session table command to recreate the sessions.

Example

# Enable NAT ALG to set the rate at which FTP packets are sent to 64 packets/second.
<HUAWEI> system-view
[~HUAWEI] nat instance cpe1 id 1
[*HUAWEI-nat-instance-cpe1] nat alg ftp rate-threshold 64
Copyright © Huawei Technologies Co., Ltd.