Configuring NAT Translation per IP Interface

The NAT Translation table lets you configure up to 32 network address translation (NAT) rules for translating source IP addresses into NAT IP addresses (global - public) when the device is located behind NAT.

The device's NAT traversal mechanism replaces the source IP address of SIP messages sent from a specific IP Interface (Control or Media) in the IP Interfaces table to a public IP address. This allows, for example, the separation of VoIP traffic between different ITSPs and topology hiding of internal IP addresses from the “public” network. Each IP Interface (configured in the IP Interfaces table) can be associated with a NAT rule, translating the source IP address and port of the outgoing packet into the NAT address (IP address and port range).

The following procedure describes how to configure NAT translation rules through the Web interface. You can also configure it through ini file [NATTranslation] or CLI (configure network > nat-translation).

To configure NAT translation rules:
1. Open the NAT Translation table (Setup menu > IP Network tab > Core Entities folder > NAT Translation).
2. Click New; the following dialog box appears:

3. Configure a NAT translation rule according to the parameters described in the table below.
4. Click Apply, and then save your settings to flash memory.

NAT Translation Table Parameter Descriptions

Parameter

Description

Source

'Index'

index

[Index]

Defines an index number for the new table row.

Note: Each row must be configured with a unique index.

'Source Interface'

src-interface-name

[SrcIPInterfaceName]

Assigns an IP Interface (configured in the IP Interfaces table) to the rule. Outgoing packets sent from the specified network interface are NAT'ed.

By default, no value is defined.

To configure IP Interfaces, see Configuring IP Network Interfaces.

'Source Start Port'

src-start-port

[SourceStartPort]

Defines the optional starting port range (0-65535) of the IP interface, used as matching criteria for the NAT rule. If not configured, the match is done on the entire port range. Only IP addresses and ports of matched source ports will be replaced.

'Source End Port'

src-end-port

[SourceEndPort]

Defines the optional ending port range (0-65535) of the IP interface, used as matching criteria for the NAT rule. If not configured, the match is done on the entire port range. Only IP addresses and ports of matched source ports will be replaced.

Target

'Target IP Address'

target-ip-address

[TargetIPAddress]

Defines the global (public) IP address. The device adds the address in the outgoing packet to the SIP Via header, Contact header, 'o=' SDP field, and 'c=' SDP field.

'Target Start Port'

target-start-port

[TargetStartPort]

Defines the optional starting port range (0-65535) of the global address. If not configured, the ports are not replaced. Matching source ports are replaced with the target ports. This address is set in the SIP Via and Contact headers and in the 'o=' and 'c=' SDP fields.

'Target End Port'

target-end-port

[TargetEndPort]

Defines the optional ending port range (0-65535) of the global address. If not configured, the ports are not replaced. Matching source ports are replaced with the target ports. This address is set in the SIP Via and Contact headers and in the 'o=' and 'c=' SDP fields.