330 Enterasys X-Pedition User Reference Manual
The default timeout for DNS dynamic address bindings is 30 minutes. You can change this timeout
by entering the following command in Configure mode:
NAT and ICMP Packets
NAT translates addresses embedded in the data portion of the following types of ICMP error
messages:
Destination unreachable (type 3)
Source quench (type 4)
Redirect (type 5)
Time exceeded (type 11)
Parameter problem (type 12)
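The list above says which ICMP errors carry an embedded IP header that NAT must rewrite, but not what that rewrite involves. The following is an added example, not code from the Enterasys manual or the X-Pedition: it builds a constructed "port unreachable" error that quotes a translated packet, then does the inbound reverse translation a NAT device performs (outer destination and embedded source back from the global to the local address, with the IPv4 and ICMP checksums recomputed). The addresses, the `demo` scenario and the helper names are assumptions; PAT rewriting of the embedded transport ports is left out.

```python
"""Added example (not from the Enterasys manual): what a NAT device must do to an
inbound ICMP error that quotes a translated packet. Addresses are constructed."""
import struct
import ipaddress

# ICMP error types listed in the manual whose embedded IP header is translated
TRANSLATED_ICMP_TYPES = {3, 4, 5, 11, 12}


def ones_complement_checksum(data: bytes) -> int:
    """RFC 1071 checksum; returns 0 when run over data that already carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 packet (no options) with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ones_complement_checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_icmp_error(icmp_type: int, code: int, offending: bytes) -> bytes:
    """ICMP error: type, code, checksum, 4 bytes (unused/pointer/gateway), IP header + 8 bytes."""
    body = offending[:28]
    csum = ones_complement_checksum(struct.pack("!BBHI", icmp_type, code, 0, 0) + body)
    return struct.pack("!BBHI", icmp_type, code, csum, 0) + body


def _fix_ipv4_checksum(hdr: bytearray, ihl: int) -> None:
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ones_complement_checksum(bytes(hdr[:ihl])))


def untranslate_icmp_error(packet: bytes, global_ip: str, local_ip: str) -> bytes:
    """Inbound direction: rewrite the outer destination and the embedded source from the
    global address back to the local one, fixing both IPv4 checksums and the ICMP checksum.
    Packets that are not one of the listed ICMP error types are returned untouched.
    (Port rewriting of the embedded transport header under PAT is omitted here.)"""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1:                      # not ICMP
        return packet
    icmp = packet[ihl:]
    if icmp[0] not in TRANSLATED_ICMP_TYPES:
        return packet
    gpacked = ipaddress.IPv4Address(global_ip).packed
    lpacked = ipaddress.IPv4Address(local_ip).packed
    inner = bytearray(icmp[8:])
    if packet[16:20] != gpacked or inner[12:16] != gpacked:
        return packet                       # no binding matches; leave it alone
    inner[12:16] = lpacked
    _fix_ipv4_checksum(inner, (inner[0] & 0x0F) * 4)
    new_icmp = bytearray(icmp[:8]) + inner
    new_icmp[2:4] = b"\x00\x00"
    new_icmp[2:4] = struct.pack("!H", ones_complement_checksum(bytes(new_icmp)))
    outer = bytearray(packet[:ihl])
    outer[16:20] = lpacked
    _fix_ipv4_checksum(outer, ihl)
    return bytes(outer) + bytes(new_icmp)


def addresses(packet: bytes):
    """(outer destination, embedded source) of an ICMP error, for inspection."""
    ihl = (packet[0] & 0x0F) * 4
    inner = packet[ihl + 8:]
    return str(ipaddress.IPv4Address(packet[16:20])), str(ipaddress.IPv4Address(inner[12:16]))


def checksums_ok(packet: bytes) -> bool:
    """True when both the outer IPv4 header and the ICMP message verify."""
    ihl = (packet[0] & 0x0F) * 4
    return ones_complement_checksum(packet[:ihl]) == 0 and ones_complement_checksum(packet[ihl:]) == 0


def demo():
    """Constructed scenario: 10.1.1.5 was translated to 203.0.113.10; an outside router
    returns 'port unreachable' (type 3, code 3) quoting the translated UDP packet."""
    local, glob, outside, router = "10.1.1.5", "203.0.113.10", "198.51.100.7", "198.51.100.1"
    udp = struct.pack("!HHHH", 40000, 53, 12, 0) + b"\xde\xad\xbe\xef"
    translated_out = build_ipv4(glob, outside, 17, udp)
    inbound = build_ipv4(router, glob, 1, build_icmp_error(3, 3, translated_out))
    return inbound, untranslate_icmp_error(inbound, glob, local)


if __name__ == "__main__":
    before, after = demo()
    print("before:", addresses(before), "after:", addresses(after), "checksums ok:", checksums_ok(after))
```

The point a practitioner should take from the embedded-header step is that a NAT which only rewrites the outer header delivers the error to the right host with a quoted packet that host never sent, so the local stack discards it and path problems (unreachable, TTL expiry, fragmentation) become silent.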
NAT and FTP
File Transfer Protocol (FTP) packets require special handling with NAT, because FTP PORT
command packets carry IP address information in the data portion of the packet. It is
therefore important for NAT to know which control port is used for FTP (the default is port 21) and
the timeout for the FTP session (the default is 30 minutes). If FTP control packets arrive on a
different port number, you need to specify that port to NAT. To define FTP parameters to NAT, enter
the following commands in Configure mode.
If PAT is enabled, NAT inspects packets for the FTP PORT command. If a packet is to be translated
(as determined by the ACL specified for the dynamic address binding), NAT creates a dynamic
binding for the address and port announced in the PORT command. An outside host therefore sees
only a global IP address in the FTP response, never the local IP address.
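As an added example (not the X-Pedition's own code), here is the kind of FTP PORT application-layer gateway the paragraph describes: it parses the `PORT h1,h2,h3,h4,p1,p2` argument on the configured control port, decides whether the host is translated (a constructed local network stands in for the ACL), allocates a global port, records a dynamic binding that expires after the FTP session timeout, and rewrites the command so the outside server only ever sees the global address. It also tracks the byte-length change of the rewritten command, which a real NAT has to apply to later TCP sequence and acknowledgement numbers on the control connection. Network, addresses, port pool and class names are assumptions.

```python
"""Added example (not the X-Pedition's own code): an FTP PORT application-layer
gateway of the kind the manual describes. Network, addresses and port pool are constructed."""
import ipaddress
import re
from dataclasses import dataclass

PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


@dataclass
class Binding:
    local_ip: str
    local_port: int
    expires_at: float


class FtpPortAlg:
    def __init__(self, local_net: str, global_ip: str, control_port: int = 21,
                 session_timeout_min: int = 30, global_ports=range(40000, 40100)):
        # local_net stands in for the ACL that decides which hosts are translated
        self.local_net = ipaddress.ip_network(local_net)
        self.global_ip = global_ip
        self.control_port = control_port          # cf. nat set ftp-control-port
        self.timeout = session_timeout_min * 60   # cf. nat set ftp-session-timeout
        self.free_ports = list(global_ports)
        self.bindings = {}                        # global port -> Binding
        # Rewriting PORT changes the segment length; NAT must add this delta to the
        # sequence numbers of later client segments (and subtract it from server ACKs)
        self.seq_delta = 0

    def translate_command(self, dst_port: int, line: bytes, now: float) -> bytes:
        """Outbound control-channel line from a local host; returns the line to forward."""
        if dst_port != self.control_port:
            return line                           # not FTP control traffic as configured
        m = PORT_RE.match(line)
        if m is None:
            return line
        fields = [int(g) for g in m.groups()]
        if any(f > 255 for f in fields):
            return line                           # malformed PORT argument, forward untouched
        local_ip = ".".join(str(f) for f in fields[:4])
        local_port = fields[4] * 256 + fields[5]
        if local_port == 0:
            return line
        if ipaddress.ip_address(local_ip) not in self.local_net:
            return line                           # ACL: this host is not translated
        self.expire(now)
        if not self.free_ports:
            return line                           # pool exhausted; cannot create a binding
        gport = self.free_ports.pop(0)
        self.bindings[gport] = Binding(local_ip, local_port, now + self.timeout)
        rewritten = ("PORT " + ",".join(self.global_ip.split(".") + [str(gport // 256), str(gport % 256)])
                     + "\r\n").encode()
        self.seq_delta += len(rewritten) - len(line)
        return rewritten

    def lookup(self, global_port: int, now: float):
        """Inbound data connection to (global_ip, global_port): the local endpoint, or None."""
        self.expire(now)
        b = self.bindings.get(global_port)
        return (b.local_ip, b.local_port) if b else None

    def expire(self, now: float) -> None:
        """Drop bindings older than the FTP session timeout and return their ports to the pool."""
        for gport, b in list(self.bindings.items()):
            if b.expires_at <= now:
                del self.bindings[gport]
                self.free_ports.append(gport)


if __name__ == "__main__":
    alg = FtpPortAlg("10.1.1.0/24", "203.0.113.10")
    print(alg.translate_command(21, b"PORT 10,1,1,5,4,1\r\n", now=0.0))
    print(alg.lookup(40000, now=60.0), "seq delta:", alg.seq_delta)
```

The `control_port` and `session_timeout_min` parameters mirror the two FTP settings NAT exposes; with a non-default control port, a PORT command sent to port 21 is forwarded without inspection, which is exactly the hang the text warns about when the control port is not configured.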
The XP's current ACL/NAT implementation does not make provisions for running standard or
PASV FTP sessions across a translated interface when only ports 20 (FTP data port) and 21 (FTP
control port) are open for communication. Because FTP will use other higher-numbered ports to
establish TCP sessions, FTP sessions established across a NAT-translated interface may hang if
these other TCP ports are not open for communication. In order to allow FTP to establish a TCP
session on higher-numbered ports, the NAT-associated ACL must be set up to allow incoming
traffic from any port. When running this configuration, it is suggested that NAT secure-plus is
Specify the timeout for DNS bindings.     nat set dns-session-timeout <minutes>
Specify the FTP control port.             nat set ftp-control-port <port number>
Specify the FTP session timeout.          nat set ftp-session-timeout <minutes>