Configuring NAT Translation per IP Interface

The NAT Translation table lets you configure up to 32 network address translation (NAT) rules for translating source IP addresses into global (public) NAT IP addresses when the device is located behind NAT.

The device's NAT traversal mechanism replaces the source IP address of SIP messages sent from a specific IP Interface (Control or Media) in the IP Interfaces table (or from a specific IP address) with a public IP address. This allows, for example, the separation of VoIP traffic between different ITSPs and topology hiding of internal IP addresses from the “public” network. Each IP Interface (configured in the IP Interfaces table) can be associated with a NAT rule, which translates the source IP address and port of the outgoing packet into the NAT address (IP address and port range).

For Mediant CE, each remote IP Interface for media on the Media Components can be associated with a NAT rule.
For Mediant VE in HA mode that is deployed on the Azure cloud platform, because active and redundant devices have identical IP Interface names, NAT configuration is done using their local source IP addresses (instead of source interface).

The following procedure describes how to configure NAT translation rules through the Web interface. You can also configure them through the ini file [NATTranslation] or the CLI (configure network > nat-translation).

To configure NAT translation rules:
1. Open the NAT Translation table (Setup menu > IP Network tab > Core Entities folder > NAT Translation).
2. Click New; the following dialog box appears:

The figure above is used only as an example. Some parameters in the NAT Translation table may only appear for specific devices and for specific cloud platforms on which the device is deployed.
3. Configure a NAT translation rule according to the parameters described in the table below.
4. Click Apply, and then save your settings to flash memory.

NAT Translation Table Parameter Descriptions

Parameter

Description

Source

'Index'

index

[Index]

Defines an index number for the new table row.

Note: Each row must be configured with a unique index.

'Source Interface'

src-interface-name

[SrcIPInterfaceName]

Assigns an IP Interface (configured in the IP Interfaces table) to the rule. Outgoing packets sent from the specified network interface are NAT'ed.

By default, no value is defined.

To configure IP Interfaces, see Configuring IP Network Interfaces.

Note: For Mediant VE in HA mode that is deployed on the Azure cloud platform, ignore this parameter.

'Source IP Address'

source-ip-address

[SourceIPAddress]

Defines the source IP address (IPv4 or IPv6). The device performs NAT translation on outgoing packets that are sent from this address.

For Mediant VE in HA mode deployed on Azure, you need to configure two rules in the NAT Translation table; one for the active device and one for the redundant device. For these rules, configure the parameter to the local IP address of the active and redundant devices, respectively.

By default, no value is defined.

Note:

The parameter is applicable only to Mediant VE in HA mode that is deployed on the Azure cloud platform.
Do not configure the 'Source Interface' parameter (above).

'Remote Interface Name'

remote-interface-name

[RemoteInterfaceName]

Assigns a media IP network interface (listed in the Remote Media Interface table, described in Configuring Remote Media Interfaces) of the remote Media Component(s) operating under the Cluster Manager (Signaling Component).

The NAT Translation table applies to both signaling and media interfaces. When working with Mediant CE in a NAT’ed environment, typically two separate rows in the table are required to translate between public and private IP addresses:

One row for the signaling interface, which translates between private and public IP addresses for the Signaling Component (SC):
    Assign the corresponding IP network interface, using the 'Source Interface' parameter (above).
    When installed on AWS, configure the 'Target IP Mode' parameter to Automatic, as the device automatically learns the Elastic IP address attached to it.
    When installed on other cloud platforms, configure the 'Target IP Mode' parameter to Manual and explicitly configure the corresponding IP address.
One row for the media interface, which translates the IP address of each MC to the corresponding public IP address according to the MC's NAT Translation table:
    Assign the corresponding remote IP network interface (i.e., network interface of MCs), using the 'Remote Interface Name' parameter.
    Configure the 'Target IP Mode' parameter to Automatic (i.e., the IP address of the corresponding MC is used).

Note: The parameter is applicable only to Mediant CE SBC and when the 'Cluster Mode' parameter [SbcClusterMode] is configured to Media Cluster.

'Source Start Port'

src-start-port

[SourceStartPort]

Defines the optional start of the port range (0-65535) of the IP interface, used as a matching criterion for the NAT rule. If not configured, the match is done on the entire port range. The IP address and port are replaced only for packets whose source port matches.

'Source End Port'

src-end-port

[SourceEndPort]

Defines the optional end of the port range (0-65535) of the IP interface, used as a matching criterion for the NAT rule. If not configured, the match is done on the entire port range. The IP address and port are replaced only for packets whose source port matches.

Target

'Target IP Mode'

tar-ip-mode

[TargetIpMode]

Defines the NAT IP address mode when the device is deployed in an Amazon Web Services (AWS) cloud-computing environment.

Manual = (Default) This mode is typically needed if you are using an external NAT device. If you select this mode, you must configure the IP address (public) of the external NAT device, using the 'Target IP Address' parameter (see below).
Automatic = This mode is needed if your AWS environment has been configured with an Elastic IP address and you want the device to automatically associate it with the selected source interface (above) as the global (public) IP address.

Note:

The parameter is applicable (and available) only when the device is deployed in an AWS environment.
For Mediant CE: When you configure the NAT rule with the 'Remote Interface Name' parameter (above), configure the 'Target IP Mode' parameter to Automatic.

'Target IP Address'

target-ip-address

[TargetIPAddress]

Defines the global (public) IP address. The device adds the address in the outgoing packet to the SIP Via header, Contact header, 'o=' SDP field, and 'c=' SDP field.

Note:

If your device is deployed in an AWS environment and you have configured the 'Target IP Mode' parameter (see above) to Manual, then you need to configure this parameter.
For Mediant CE: When you configure the NAT rule with the 'Remote Interface Name' parameter (above), the target IP addresses are addresses of all the Media Components associated with the assigned Remote Interface Name. In this scenario, the 'Target IP Address' field in the Web interface is empty (even though the rule is valid for all the Media Components).

'Automatic Target IP Address'

(Read-only field) Displays the global (public / Elastic) IP address associated with the selected source interface (see above), when the 'Target IP Mode' parameter (see above) is configured to Automatic.

Note: The parameter is applicable (and available) only when the device is deployed in an AWS environment.

'Target Start Port'

target-start-port

[TargetStartPort]

Defines the optional start of the port range (0-65535) of the global address. If not configured, the ports are not replaced. Matching source ports are replaced with the target ports. This address is set in the SIP Via and Contact headers and in the 'o=' and 'c=' SDP fields.

'Target End Port'

target-end-port

[TargetEndPort]

Defines the optional end of the port range (0-65535) of the global address. If not configured, the ports are not replaced. Matching source ports are replaced with the target ports. This address is set in the SIP Via and Contact headers and in the 'o=' and 'c=' SDP fields.
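
The 'Target IP Address' description above names the four places where the global address is written (SIP Via header, Contact header, 'o=' and 'c=' SDP fields). The following Python check is an added example, not part of the vendor documentation or the device software: it audits a captured outgoing SIP message for internal addresses left in exactly those fields, which is a quick way to confirm that a NAT rule (and, for Mediant CE, both the signaling and media rows) is taking effect. The function names, the RFC 1918 list used as the definition of "internal", and the sample message are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: "internal" means RFC 1918 space; extend with your own prefixes.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# IPv4 literals only: no IPv6, hostnames or folded headers in this sketch.
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
COMPACT = {"v": "via", "m": "contact"}   # SIP compact header forms

def audited_fields(message):
    """Yield (field, value) for Via/Contact headers and o=/c= SDP lines."""
    head, _, body = message.replace("\r\n", "\n").partition("\n\n")
    for line in head.split("\n")[1:]:            # skip the request/status line
        name, sep, value = line.partition(":")
        name = COMPACT.get(name.strip().lower(), name.strip().lower())
        if sep and name in ("via", "contact"):
            yield name, value.strip()
    for line in body.split("\n"):
        if line[:2] in ("o=", "c="):
            yield line[:2], line[2:].strip()

def find_leaks(message):
    """Return [(field, address)] for internal addresses left in audited fields."""
    leaks = []
    for field, value in audited_fields(message):
        for text in IPV4.findall(value):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:                   # not a valid address, e.g. 999.1.1.1
                continue
            if any(addr in net for net in INTERNAL_NETS):
                leaks.append((field, text))
    return leaks

# Constructed sample: documentation addresses stand in for public ones.
TRANSLATED = (
    "INVITE sip:bob@198.51.100.20 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 203.0.113.10:5060;branch=z9hG4bK776\r\n"
    "Contact: <sip:alice@203.0.113.10:5060>\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 203.0.113.10\r\n"
    "s=-\r\n"
    "c=IN IP4 203.0.113.10\r\n"
    "m=audio 6000 RTP/AVP 0\r\n"
)
# The same message as it would look with no NAT rule applied (constructed).
UNTRANSLATED = TRANSLATED.replace("203.0.113.10", "10.0.0.5")

if __name__ == "__main__":
    print(find_leaks(TRANSLATED), find_leaks(UNTRANSLATED))
```

A leak reported only in 'c=' while Via and Contact are clean points at the media interface rather than the signaling interface as the one without a matching rule.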