Nat Application Level Gateway - Cisco ASR 5000 series Product Overview

▀ NAT Feature Overview

NAT Application Level Gateway

Some network applications exchange IP/port information of the host endpoints as part of the packet payload. This
information is used to create new flows, by server or client.
As part of NAT ALGs, the IP/port information is extracted from the payload, and the flows are allowed dynamically
(through pinholes). IP and port translations are done accordingly. However, the sender application may not be aware of
these translations since these are transparent, so they insert the private IP or port in the payload as usual.
For example, FTP NAT ALG interprets ―PORT‖ and ―PASV reply‖ messages, and NAT translates the same in the
payload so that FTP happens transparently through NAT. This payload-level translation is handled by the NAT ALG
module.
The NAT module will have multiple NAT ALGs for each individual application or protocol.
Supported NAT ALGs
This release supports NAT ALGs only for the following protocols:
File Transfer Protocol (FTP)
Point-to-Point Tunneling Protocol (PPTP): If PPTP ALG is enabled, NAT is supported for GRE flows that are
generated by PPTP.
Real Time Streaming Protocol (RTSP)
Session Initiation Protocol (SIP)
Trivial File Transfer Protocol (TFTP)
For NAT ALG processing, in the rulebase, routing rules must be configured to route packets to the corresponding
analyzers.
EDRs and UDRs
This section describes the NAT-specific attributes supported in EDRs and UDRs.
EDRs
The following NAT-specific attributes are supported in regular EDRs:
sn-nat-subscribers-per-ip-address: Subscriber(s) per NAT IP address
sn-subscriber-nat-flow-ip: NAT IP address of NAT-enabled subscribers
▄ Cisco ASR 5000 Series Product Overview
Network Address Translation Overview
OL-22938-02