Working with NAT Blocks
The following section contains details on working with NAT blocks, from within the IPAM system.
Track IP NAT Associations
Track NAT associations between public and private (1918) blocks via the IPAM "NAT" Field.
The "NAT" field accepts a single IPv4 CIDR to associate with the current block, and automatically updates the corresponding block with the NAT association.
Working with NAT'ed Blocks
Use caution when managing NAT'ed blocks or aggregates - major actions that change either block's assignment or size (assign, unassign, split, merge, autosplit/cleanup) removes the NAT association.
In this case, complete the necessary high-level block tasks, and then re-save the NAT CIDR association to either block.
Enable NAT
Enable the NAT field by navigating to IPAM Admin → Edit IPAM Columns.
Create NAT Association
Ensure that the two appropriate IP Aggregates (one public, one 1918 private space) containing the desired blocks to NAT have been added into ProVision. (See: Working with IP Aggregates)
After verifying the aggregates and blocks, you may add the NAT association:
Configure NAT to Router(s)
To push the NAT association to a router, go to the IPAM Manage Action Menu, and select "Configure NAT" for the NAT'ed block(s) (For information on adding a router to ProVision, see Peering Routers).
NAT Rotate Dynamic IPs
NAT'ed block assignments may be automatically rotated to other available IPs via the "Rotate Dynamic IPs" scheduler task available in the Admin → Scheduler tab.
"Rotate Dynamic IPs" reassigns single IPv4 NAT addresses (/32s) after 'x' days (since last config push) to an available address denoted by blocks associated with the Dynamic_Available tags.
Prior to using this task, two blocks (one public, one private) must be NAT'ed in IPAM, the NAT Config pushed to a router, and appropriate blocks tagged with "Dynamic_Base" and "Dynamic_Available".
Additional Information
For additional information on working with the IPAM system in ProVision, see the following areas:
- Gadgets (IPAM and IPAMv2 Gadgets)
- Working with IP Rules
- IPAM Administration