Configure NAT outbound on S series switches to allow private network users to access public networks

2

S7700, S9700, and S9300 series modular switches use SPUs to support the NAT outbound function.

Other related questions:
Configure NAT server on S series switches to allow public network users to access servers on the private network
S7700, S9700, and S9300 series modular switches use SPUs to support the NAT server function.

How the terminal is configured in a private network during private and public networking
To configure the terminal in a private network, start the NAT and configure the NAT address. The procedure for configuring the NAT is as follows: On the screen controlled by the remote control, choose Settings > Network > IP > Firewall, start the NAT, and set NAT address parameters. Configure the NAT address mapping on the router. For details, contact the router vendor. NOTE: The parameter NAT address is the IP address of the terminal in the public network. By using the network address translation (NAT) technology, a device within the LAN can use a dedicated internal IP address and an external IP address that can be used for the communications with external devices. If the NAT technology is used, set the IP address in the WAN for the terminal.

SIP users fail to be registered after outbound NAT is configured and canceled on the public network interface of the AR
Q: SIP users fail to be registered after outbound NAT is configured and canceled on the public network interface of the AR. A: SIP users connect to the SIP server through the AR enabled with outbound NAT. The ALG function is disabled for SIP, so STP packets cannot traverse the NAT device. As a result, the SIP server cannot communicate with SIP users and SIP users fail to be registered. When registration request packets of SIP users pass through the AR, the AR generates NAT session entries to record packet information and updates entries and the aging time after new packets are received. After the aging time is reached, the NAT session entries that fail to be updated are automatically cleared. Therefore, the SIP users that fail to be registered continue to send registration request packets. NAT session entries cannot be directly cleared after outbound NAT is canceled, and are automatically cleared after the aging time is reached. Because SIP users continuously send registration request packets, the AR continuously update NAT session entries and theaging time. That is, the NAT session entries cannot be automatically cleared. As a result, the SIP users fail to be registered. Run the nat alg command to enable ALG for SIP so that the SIP server can communicate with SIP users after outbound NAT is configured. In addition, run the reset nat session all command to forcibly clear the NAT session entries and quickly change the NAT configuration. Or, you can run the reset nat session all command to forcibly clear NAT session entries after outbound NAT is canceled, so that the SIP server can communicate with SIP users. Note: Deleting NAT mapping entries may affect exchange of some packets.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top