Forum Replies

  1. Hi Rene,

    So for NAT ALG, the only extra command is ip virtual-reassembly in, right?

    br//zaman

  2. Hello Zaman.

    The command ip virtual-reassembly is not related to NAT ALG. This command is used for detecting and preventing several different types of fragmentation attacks. More about this command can be found at the following link.

    https://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/15-2mt/sec-cbac-vfr.html#GUID-0A94C3F4-5D7A-4E85-8FAE-0F8F6EBABACF

    In the lesson, R1 employs NAT ALG by default and Rene is showing an example of how it actually functions. No specialized configuration is necessary for NAT ALG to function.

    I hope this has been helpful!

    Laz

  3. It’s quite surprising, but this autoconfiguration can sometimes cause more issues than it fixes.

    I’ve been requested to disable this before to get SIP working.

    The command to disable for UDP is:

    no ip nat service sip udp port 5060

  4. Hello Chris

    Yes, you are correct that NAT ALG can cause some interesting and often unpredictable results. This is usually the case when used in conjunction with some other security appliance such as a firewall where additional NAT or VPN functionality takes place. It is the policy of some networking professionals to disable this service in order to avoid these unpredictable results.

    In any case it is necessary to approach NAT ALG with caution and make sure to take into account all possible contingencies.

    I hope this has been helpful!

    Laz
