(Optional) Enabling NAT ALG
Context
Generally, NAT translates only the IP address in the IP packet header and the port number in the TCP/UDP header. Packets of some protocols, such as DNS and FTP, also carry an IP address or port number in the Data field. NAT alone cannot translate this content, so communication between internal and external networks fails.
The application level gateway (ALG) function enables the NAT device to identify the IP address or port number in the Data field and translate it based on the mapping table. In this way, packets can traverse NAT devices. Currently, the ALG function supports DNS, FTP, SIP, PPTP, and RTSP.
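The following added example (not taken from the device documentation or its implementation) shows what an ALG has to do for one case, the active-mode FTP PORT command, which carries the client's address and port inside the payload. The mapping table contents, addresses and the function name rewrite_ftp_port are constructed for illustration.

```python
import re

# Constructed NAT mapping table for illustration:
# (private IP, private port) -> (public IP, public port)
NAT_TABLE = {("192.168.1.10", 5001): ("203.0.113.5", 40001)}

# FTP PORT argument is h1,h2,h3,h4,p1,p2 where port = p1 * 256 + p2.
PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n")


def rewrite_ftp_port(payload: bytes, table=NAT_TABLE):
    """Rewrite the address embedded in an FTP PORT command.

    Returns (new_payload, length_delta). Anything that is not a
    well-formed PORT command, or has no mapping entry, is returned
    unchanged with a delta of 0.
    """
    m = PORT_RE.fullmatch(payload)
    if not m:
        return payload, 0
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):  # reject malformed octets
        return payload, 0
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    mapped = table.get((ip, port))
    if mapped is None:  # no translation entry: leave the packet alone
        return payload, 0
    pub_ip, pub_port = mapped
    new = "PORT {},{},{}\r\n".format(
        pub_ip.replace(".", ","), pub_port >> 8, pub_port & 0xFF
    ).encode("ascii")
    # The payload length can change, so a real ALG must also adjust
    # TCP sequence/acknowledgement numbers and checksums by this delta.
    return new, len(new) - len(payload)


if __name__ == "__main__":
    original = b"PORT 192,168,1,10,19,137\r\n"  # constructed sample payload
    rewritten, delta = rewrite_ftp_port(original)
    print(original, "->", rewritten, "length delta:", delta)
```

Without this rewrite the FTP server would try to open the data connection to the private address 192.168.1.10, which is unreachable from the external network.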
Procedure
- Run system-view
The system view is displayed.
- Run nat alg { all | protocol-name } enable
The NAT ALG function for specified application protocols is enabled.
By default, the NAT ALG function is disabled.
- (Optional) Run port-mapping { dns | ftp | sip | rtsp | pptp } port port-number acl acl-number
The port mapping is configured.
Run the port-mapping command when an application protocol for which the NAT ALG function is enabled uses a non-well-known (non-default) port number.