How periodically, it would generate packets How many NAT sessions are expected ?   Following table shows how to configure timeout values for different protocols.   Configuration of Session Timeout (TCP, UDP - It has two timeouts as well.                                                                                        Initial Timeout - It kicks in before the connection moves into Active state. Inside VRF (ivrf1) will be used during the forwarding lookup.   Step 3: NAT44 Application performs necessary action for the packet.

Define address family   address-family ipv4 unicast     ! Using the following CLI, the test is enabled. Launch the Smart PC Fixer software and make a extensive scan for the computer. 3. Rest of the configuration remain the same.   Configuration for Shared / Common Outside VRF service cgn cgn1   service-type nat44 nat1     ! 1st Inside VRF     inside-vrf ivrf1      

How much would the cost of disk space ?   Following table shows how to configure different external logging parameters.   Configuration of External Logging Parameters service cgn cgn1  service-type nat44 The NAT DB entry is deleted when the flow terminates (because of timeout and any user intervention).   On VSM, we support millions of NAT translations with high (in thousands and Define static route for Outside-to-inside traffic ! ------------------------------------------------- router static  vrf ovrf1   address-family ipv4 unicast ServiceApp 2 router static  vrf ovrf2   address-family ipv4 unicast ServiceApp

Configuration of HA  Data-Path tests ! Also, as the NAT entry is permanent, O2I traffic always finds the entry and using the same can translate the packet (without dropping it).   Staic Port Forwarding entries can be If O2I traffic reaches VSM for which there is no NAT entry, the packets will be dropped. Define NAT44 Service Type and instance (one per VSM card)  service-type nat44 nat1   !

VSM (Virtualized Services Module) on ASR9K is a Service Card which provides different CGv6 Applications. When the previously Active VSM comes up, it stays as Stand-by and the traffic does not come back to it (until the Active VSM card fails) Each VSM can support full Using consecutive numbers for ServiceApp interface pair will be recommended (as shown above).   Following diagram provides summary / overview of NAT44 configuration for VSM.     Below are sample configurations

ServiceInfra interface cannot be in any VRF (needs to be in default VRF). This is because BPA requires logging record to be generated for a  set of NAT entries whereas DBL requires logging record to be generated  for each NAT entry.

Divert traffic to 2nd Outside ServiceApp ServiceApp 4     Back to top 26. Define CGN Instance ! ------------------- service cgn cgn1  ! What it means is - in addition to IPv4 address, Layer 4 (UDP/TCP) port is also translated by NAT44.   NOTE: Unless mentioned otherwise, in this document, NAT44 will indicate translation

Whenther Public side traffic can / should go in a VRF or not ? However, there are cases, where a server resides

Enable RTSP ALG     alg rtsp    !

NAT Session Timeouts (TCP, UDP, ICMP)   As the new flows creates NAT entries, we need a way to delete those NAT entries as well. Configure preferred-active and preferred-standby VSM service cgn cgn1   service-location preferred-active 0/1/cpu0 preferred-standby 0/2/cpu0   service-type nat44 nat1     inside-vrf inside1       map address-pool       ! A9K-XLAT-LIC-5M Cisco ASR 9000 CGN / NAT44 License (1 per 5 million translations) For 60 Millions translations, 12 of these licenses will be needed.

A new flow arrives (with new port, but same IP) N/A N/A New Port (8236) allocation happens (from same port range). NAT44 on VSM Configuration   Before we start configuring NAT44 on VSM, let us understand the following concepts related to NAT44 implementation on VSM.   CGN Instance - On each VSM A NAT table is maintained at CPE NAT level as well.

To check the health of the VSM card and trigger redundancy switchover, in case any failure occurs, following HA-specific test can be enabled: Data Path Test - It checks if the packet path Default: 30 sec.

