3.2.21. cg-nat¶

Note

requires a CG-NAT Application License.

CG-NAT configuration.

vsr running config# vrf <vrf> cg-nat

enabled¶

Enable/disable CG-NAT in this VRF.

vsr running config# vrf <vrf> cg-nat
vsr running cg-nat# enabled true|false

Default value: true

alg¶

Application-Level Gateway.

vsr running config# vrf <vrf> cg-nat
vsr running cg-nat# alg ALG

`ALG` values	Description
ftp	ALG for File Transfer Protocol.
h323-q931	ALG for H.225.0 Call Signaling Protocol.
h323-ras	ALG for H.225.0 Registration, Admission and Status Protocol.
pptp	ALG for Point-to-Point Tunneling Protocol.
rtsp	ALG for Real Time Streaming Protocol.
sip-tcp	ALG for Session Initiation Protocol over TCP.
sip-udp	ALG for Session Initiation Protocol over UDP.
tftp	ALG for Trivial File Transfer Protocol.
dns-udp	ALG for Domain Name System.

Default value: dns-udp

pool¶

Pools of IP addresses for the CG-NAT rules.

vsr running config# vrf <vrf> cg-nat pool <string>

Pool name.

address¶

IPv4 addresses in the pool.

vsr running config# vrf <vrf> cg-nat pool <string>
vsr running pool <string># address ADDRESS

ADDRESS

An IPv4 address, addresses range or subnet.

block-allocation-mode¶

Algorithm used to associate blocks to user.

vsr running config# vrf <vrf> cg-nat pool <string>
vsr running pool <string># block-allocation-mode BLOCK-ALLOCATION-MODE

`BLOCK-ALLOCATION-MODE` values	Description
dynamic	Blocks are allocated dynamically to any user.
deterministic	Blocks are allocated deterministically. It means the same block is always allocated to the same user.

Default value: dynamic

block-size¶

Number of ports that will be assigned to a given user.

vsr running config# vrf <vrf> cg-nat pool <string>
vsr running pool <string># block-size <uint32>

port-range¶

Range of ports used for each address of the pool.

vsr running config# vrf <vrf> cg-nat pool <string>
vsr running pool <string># port-range START END

START¶

Port range start.

START

START

A 16-bit port number used by a transport protocol such as TCP or UDP.

END¶

Port range end.

END

END	A 16-bit port number used by a transport protocol such as TCP or UDP.

rule¶

List of CG-NAT rules.

vsr running config# vrf <vrf> cg-nat rule <uint16>

Id and priority of the rule. Higher number means lower priority.

deterministic-snat44¶

Deterministic source NAT44 translation.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44

match¶

Match parameters.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 match

outbound-interface (mandatory)¶

Interface to match on outbound.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 match
vsr running match# outbound-interface OUTBOUND-INTERFACE

OUTBOUND-INTERFACE

An interface name.

source¶

Match on source address.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 match source

ipv4-address¶

Match on source address.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 match source
vsr running source# ipv4-address IPV4-ADDRESS

IPV4-ADDRESS

An IPv4 prefix: address and CIDR mask.

translate-to¶

Translate to.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 translate-to

pool-name (mandatory)¶

Name of IP address pool used for translation.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 translate-to
vsr running translate-to# pool-name <leafref>

max-conntracks-per-user¶

Maximum number of conntracks assigned to a user. When set to 0, the number of conntracks is not limited.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 translate-to
vsr running translate-to# max-conntracks-per-user <uint32>

port-algo¶

Port allocation algorithm for new mappings.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 translate-to
vsr running translate-to# port-algo PORT-ALGO

`PORT-ALGO` values	Description
parity	Preserve port parity: an even port will be mapped to an even port, and an odd port will be mapped to an odd port.
random	Choose port randomly.

endpoint-mapping¶

NAT endpoint mapping behavior.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 translate-to
vsr running translate-to# endpoint-mapping ENDPOINT-MAPPING

`ENDPOINT-MAPPING` values	Description
dependent	Reuse port mapping for subsequent packets sent from the same internal IP address and port to the same external IP address and port.
independent	Reuse the port mapping for subsequent packets sent from the same internal IP address and port to any external IP address and port.

endpoint-filtering¶

NAT endpoint filtering behavior.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 translate-to
vsr running translate-to# endpoint-filtering ENDPOINT-FILTERING

`ENDPOINT-FILTERING` values	Description
dependent	Inbound packets from external endpoints are filtered out if they don’t fully match an existing mapping (IP/port src/dst).
independent	Inbound packets from external endpoints are filtered out only if their destination IP address and port don’t match an existing mapping (IP/port src can differ).

hairpinning¶

Enable communication between two hosts on the internal network, using their mapped endpoint.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 translate-to
vsr running translate-to# hairpinning true|false

address-pooling¶

CG-NAT Address Pooling mode.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat44 translate-to
vsr running translate-to# address-pooling ADDRESS-POOLING

`ADDRESS-POOLING` values	Description
paired	In paired mode, the same IP of the pool is used to translate all the sessions originating from the same CPE.
no-paired	In no-paired mode, different IPs of the pool can be used to translate different sessions originating from the same CPE.

deterministic-snat64¶

Deterministic source NAT64 translation.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64

match¶

Match parameters.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 match

outbound-interface (mandatory)¶

Interface to match on outbound.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 match
vsr running match# outbound-interface OUTBOUND-INTERFACE

OUTBOUND-INTERFACE

An interface name.

source¶

Match on source address.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 match source

ipv6-address¶

Match on source address.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 match source
vsr running source# ipv6-address IPV6-ADDRESS

IPV6-ADDRESS

An IPv6 prefix: address and CIDR mask.

translate-to¶

Translate to.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to

pool-name (mandatory)¶

Name of IP address pool used for translation.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to
vsr running translate-to# pool-name <leafref>

max-conntracks-per-user¶

Maximum number of conntracks assigned to a user. When set to 0, the number of conntracks is not limited.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to
vsr running translate-to# max-conntracks-per-user <uint32>

port-algo¶

Port allocation algorithm for new mappings.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to
vsr running translate-to# port-algo PORT-ALGO

`PORT-ALGO` values	Description
parity	Preserve port parity: an even port will be mapped to an even port, and an odd port will be mapped to an odd port.
random	Choose port randomly.

endpoint-mapping¶

NAT endpoint mapping behavior.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to
vsr running translate-to# endpoint-mapping ENDPOINT-MAPPING

`ENDPOINT-MAPPING` values	Description
dependent	Reuse port mapping for subsequent packets sent from the same internal IP address and port to the same external IP address and port.
independent	Reuse the port mapping for subsequent packets sent from the same internal IP address and port to any external IP address and port.

endpoint-filtering¶

NAT endpoint filtering behavior.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to
vsr running translate-to# endpoint-filtering ENDPOINT-FILTERING

`ENDPOINT-FILTERING` values	Description
dependent	Inbound packets from external endpoints are filtered out if they don’t fully match an existing mapping (IP/port src/dst).
independent	Inbound packets from external endpoints are filtered out only if their destination IP address and port don’t match an existing mapping (IP/port src can differ).

hairpinning¶

Enable communication between two hosts on the internal network, using their mapped endpoint.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to
vsr running translate-to# hairpinning true|false

address-pooling¶

CG-NAT Address Pooling mode.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to
vsr running translate-to# address-pooling ADDRESS-POOLING

`ADDRESS-POOLING` values	Description
paired	In paired mode, the same IP of the pool is used to translate all the sessions originating from the same CPE.
no-paired	In no-paired mode, different IPs of the pool can be used to translate different sessions originating from the same CPE.

destination-prefix¶

NAT64 destination prefix.

vsr running config# vrf <vrf> cg-nat rule <uint16> deterministic-snat64 translate-to
vsr running translate-to# destination-prefix DESTINATION-PREFIX

DESTINATION-PREFIX

An IPv6 prefix: address and CIDR mask.

dynamic-snat44¶

Dynamic source NAT44 translation.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44

match¶

Match parameters.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 match

outbound-interface (mandatory)¶

Interface to match on outbound.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 match
vsr running match# outbound-interface OUTBOUND-INTERFACE

OUTBOUND-INTERFACE

An interface name.

source¶

Match on source address.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 match source

ipv4-address¶

Match on source address.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 match source
vsr running source# ipv4-address IPV4-ADDRESS

IPV4-ADDRESS

An IPv4 prefix: address and CIDR mask.

translate-to¶

Translate to.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to

pool-name (mandatory)¶

Name of IP address pool used for translation.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
vsr running translate-to# pool-name <leafref>

max-blocks-per-user¶

Maximum number of port blocks assigned to a user.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
vsr running translate-to# max-blocks-per-user <uint16>

active-block-timeout¶

Interval during which the the current block is used to allocate sessions. When set to 0, the current block is always used.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
vsr running translate-to# active-block-timeout <uint16>

user-timeout¶

Interval during which the current block remains active after all user flows have expired.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
vsr running translate-to# user-timeout <uint16>

max-conntracks-per-user¶

Maximum number of conntracks assigned to a user. When set to 0, the number of conntracks is not limited.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
vsr running translate-to# max-conntracks-per-user <uint32>

port-algo¶

Port allocation algorithm for new mappings.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
vsr running translate-to# port-algo PORT-ALGO

`PORT-ALGO` values	Description
parity	Preserve port parity: an even port will be mapped to an even port, and an odd port will be mapped to an odd port.
random	Choose port randomly.

endpoint-mapping¶

NAT endpoint mapping behavior.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
vsr running translate-to# endpoint-mapping ENDPOINT-MAPPING

`ENDPOINT-MAPPING` values	Description
dependent	Reuse port mapping for subsequent packets sent from the same internal IP address and port to the same external IP address and port.
independent	Reuse the port mapping for subsequent packets sent from the same internal IP address and port to any external IP address and port.

endpoint-filtering¶

NAT endpoint filtering behavior.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
vsr running translate-to# endpoint-filtering ENDPOINT-FILTERING

`ENDPOINT-FILTERING` values	Description
dependent	Inbound packets from external endpoints are filtered out if they don’t fully match an existing mapping (IP/port src/dst).
independent	Inbound packets from external endpoints are filtered out only if their destination IP address and port don’t match an existing mapping (IP/port src can differ).

hairpinning¶

Enable communication between two hosts on the internal network, using their mapped endpoint.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
vsr running translate-to# hairpinning true|false

address-pooling¶

CG-NAT Address Pooling mode.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat44 translate-to
vsr running translate-to# address-pooling ADDRESS-POOLING

`ADDRESS-POOLING` values	Description
paired	In paired mode, the same IP of the pool is used to translate all the sessions originating from the same CPE.
no-paired	In no-paired mode, different IPs of the pool can be used to translate different sessions originating from the same CPE.

dynamic-snat64¶

Dynamic source NAT64 translation.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64

match¶

Match parameters.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 match

outbound-interface (mandatory)¶

Interface to match on outbound.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 match
vsr running match# outbound-interface OUTBOUND-INTERFACE

OUTBOUND-INTERFACE

An interface name.

source¶

Match on source address.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 match source

ipv6-address¶

Match on source address.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 match source
vsr running source# ipv6-address IPV6-ADDRESS

IPV6-ADDRESS

An IPv6 prefix: address and CIDR mask.

translate-to¶

Translate to.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to

pool-name (mandatory)¶

Name of IP address pool used for translation.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# pool-name <leafref>

max-blocks-per-user¶

Maximum number of port blocks assigned to a user.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# max-blocks-per-user <uint16>

active-block-timeout¶

Interval during which the the current block is used to allocate sessions. When set to 0, the current block is always used.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# active-block-timeout <uint16>

user-timeout¶

Interval during which the current block remains active after all user flows have expired.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# user-timeout <uint16>

max-conntracks-per-user¶

Maximum number of conntracks assigned to a user. When set to 0, the number of conntracks is not limited.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# max-conntracks-per-user <uint32>

port-algo¶

Port allocation algorithm for new mappings.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# port-algo PORT-ALGO

`PORT-ALGO` values	Description
parity	Preserve port parity: an even port will be mapped to an even port, and an odd port will be mapped to an odd port.
random	Choose port randomly.

endpoint-mapping¶

NAT endpoint mapping behavior.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# endpoint-mapping ENDPOINT-MAPPING

`ENDPOINT-MAPPING` values	Description
dependent	Reuse port mapping for subsequent packets sent from the same internal IP address and port to the same external IP address and port.
independent	Reuse the port mapping for subsequent packets sent from the same internal IP address and port to any external IP address and port.

endpoint-filtering¶

NAT endpoint filtering behavior.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# endpoint-filtering ENDPOINT-FILTERING

`ENDPOINT-FILTERING` values	Description
dependent	Inbound packets from external endpoints are filtered out if they don’t fully match an existing mapping (IP/port src/dst).
independent	Inbound packets from external endpoints are filtered out only if their destination IP address and port don’t match an existing mapping (IP/port src can differ).

hairpinning¶

Enable communication between two hosts on the internal network, using their mapped endpoint.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# hairpinning true|false

address-pooling¶

CG-NAT Address Pooling mode.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# address-pooling ADDRESS-POOLING

`ADDRESS-POOLING` values	Description
paired	In paired mode, the same IP of the pool is used to translate all the sessions originating from the same CPE.
no-paired	In no-paired mode, different IPs of the pool can be used to translate different sessions originating from the same CPE.

destination-prefix¶

NAT64 destination prefix.

vsr running config# vrf <vrf> cg-nat rule <uint16> dynamic-snat64 translate-to
vsr running translate-to# destination-prefix DESTINATION-PREFIX

DESTINATION-PREFIX

An IPv6 prefix: address and CIDR mask.

static-dnat44¶

Static destination NAT44 translation.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat44

match¶

Match parameters.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat44 match

inbound-interface (mandatory)¶

Interface to match on inbound.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat44 match
vsr running match# inbound-interface INBOUND-INTERFACE

INBOUND-INTERFACE

An interface name.

destination¶

Match on destination address.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat44 match destination

ipv4-address¶

Match on destination address.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat44 match destination
vsr running destination# ipv4-address IPV4-ADDRESS

IPV4-ADDRESS

An IPv4 prefix: address and CIDR mask.

translate-to¶

Translate to.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat44 translate-to

ipv4-address (mandatory)¶

Translated Address.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat44 translate-to
vsr running translate-to# ipv4-address IPV4-ADDRESS

IPV4-ADDRESS

An IPv4 address.

static-dnat46¶

Static destination NAT46 translation.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat46

match¶

Match parameters.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat46 match

inbound-interface (mandatory)¶

Interface to match on inbound.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat46 match
vsr running match# inbound-interface INBOUND-INTERFACE

INBOUND-INTERFACE

An interface name.

destination¶

Match on destination address.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat46 match destination

ipv4-address¶

Match on destination address.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat46 match destination
vsr running destination# ipv4-address IPV4-ADDRESS

IPV4-ADDRESS

An IPv4 prefix: address and CIDR mask.

translate-to¶

Translate to.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat46 translate-to

ipv6-address (mandatory)¶

Translated Address.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat46 translate-to
vsr running translate-to# ipv6-address IPV6-ADDRESS

IPV6-ADDRESS

An IPv6 address.

source-prefix¶

NAT46 source prefix.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-dnat46 translate-to
vsr running translate-to# source-prefix SOURCE-PREFIX

SOURCE-PREFIX

An IPv6 prefix: address and CIDR mask.

static-snat44¶

Static source NAT44 translation.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat44

match¶

Match parameters.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat44 match

outbound-interface (mandatory)¶

Interface to match on outbound.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat44 match
vsr running match# outbound-interface OUTBOUND-INTERFACE

OUTBOUND-INTERFACE

An interface name.

source¶

Match on source address.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat44 match source

ipv4-address¶

Match on source address.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat44 match source
vsr running source# ipv4-address IPV4-ADDRESS

IPV4-ADDRESS

An IPv4 prefix: address and CIDR mask.

translate-to¶

Translate to.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat44 translate-to

ipv4-address (mandatory)¶

Translated Address.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat44 translate-to
vsr running translate-to# ipv4-address IPV4-ADDRESS

IPV4-ADDRESS

An IPv4 address.

static-snat64¶

Static source NAT64 translation.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat64

match¶

Match parameters.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat64 match

outbound-interface (mandatory)¶

Interface to match on outbound.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat64 match
vsr running match# outbound-interface OUTBOUND-INTERFACE

OUTBOUND-INTERFACE

An interface name.

source¶

Match on source address.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat64 match source

ipv6-address¶

Match on source address.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat64 match source
vsr running source# ipv6-address IPV6-ADDRESS

IPV6-ADDRESS

An IPv6 prefix: address and CIDR mask.

translate-to¶

Translate to.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat64 translate-to

ipv4-address (mandatory)¶

Translated Address.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat64 translate-to
vsr running translate-to# ipv4-address IPV4-ADDRESS

IPV4-ADDRESS

An IPv4 address.

destination-prefix¶

NAT64 destination prefix.

vsr running config# vrf <vrf> cg-nat rule <uint16> static-snat64 translate-to
vsr running translate-to# destination-prefix DESTINATION-PREFIX

DESTINATION-PREFIX

An IPv6 prefix: address and CIDR mask.

conntrack¶

Conntrack options.

vsr running config# vrf <vrf> cg-nat conntrack

behavior¶

Specific TCP options.

vsr running config# vrf <vrf> cg-nat conntrack
vsr running conntrack# behavior <behavior> enabled true|false

Conntrack specific TCP options.

enabled (mandatory)¶

Enable option.

enabled true|false

timeouts¶

Timeouts for the different events/protocols.

vsr running config# vrf <vrf> cg-nat conntrack timeouts

icmp¶

Conntrack options for ICMP.

vsr running config# vrf <vrf> cg-nat conntrack timeouts
vsr running timeouts# icmp <icmp> <uint32>

<icmp>

Conntrack state for ICMP, UDP or GRE-PPTP.

<uint32> (mandatory)¶

Timeout in seconds.

<uint32>

udp¶

Conntrack options for UDP.

vsr running config# vrf <vrf> cg-nat conntrack timeouts
vsr running timeouts# udp <udp> <uint32>

<udp>

Conntrack state for ICMP, UDP or GRE-PPTP.

<uint32> (mandatory)¶

Timeout in seconds.

<uint32>

gre-pptp¶

Conntrack options for GRE-PPTP.

vsr running config# vrf <vrf> cg-nat conntrack timeouts
vsr running timeouts# gre-pptp <gre-pptp> <uint32>

<gre-pptp>

Conntrack state for ICMP, UDP or GRE-PPTP.

<uint32> (mandatory)¶

Timeout in seconds.

<uint32>

tcp¶

Conntrack options for TCP.

vsr running config# vrf <vrf> cg-nat conntrack timeouts
vsr running timeouts# tcp <tcp> <uint32>

<tcp>

Conntrack state for TCP.

<uint32> (mandatory)¶

Timeout in seconds.

<uint32>

nat64¶

NAT64 conntrack options.

vsr running config# vrf <vrf> cg-nat conntrack nat64

option¶

Specific NAT64 options.

vsr running config# vrf <vrf> cg-nat conntrack nat64
vsr running nat64# option <option> true|false

`<option>` values	Description
update-tcp-mss	Enable/Disable TCP MSS update.
drop-udp-zero-checksum	Enable/Disable UDP null checksum packet drops.
force-frag-ipv4	Fragment IPv4 packets (with DF flag) if the MTU is too small.
force-frag-ipv6	Fragment IPv6 packets if the MTU is too small.

true|false (mandatory)¶

Option state.

true|false

mtu¶

NAT64 lowest IPv6 mtu configuration.

vsr running config# vrf <vrf> cg-nat conntrack nat64
vsr running nat64# mtu <mtu> <uint16>

<mtu>

Set lowest IPv6 MTU.

<uint16> (mandatory)¶

MTU (0 to fragment packet according to the MTU of the output interface).

<uint16>

logging¶

CG-NAT log configuration.

vsr running config# vrf <vrf> cg-nat logging

enabled¶

Enable log.

vsr running config# vrf <vrf> cg-nat logging
vsr running logging# enabled true|false