You can reserve Dynamic IP NAT addresses (for
a configurable period of time) to prevent them from being allocated
as translated addresses to a different source IP address that needs
translation. When configured, the reservation applies to all of
the translated Dynamic IP addresses in progress and any new translations.
both translations in progress and new translations, when a source
IP address is translated to an available translated IP address,
that pairing is retained even after all sessions related to that
specific source IP are expired. The reservation timer for each source
IP address begins after all sessions that use that source IP address
translation expire. Dynamic IP NAT is a one-to-one translation;
one source IP address translates to one translated IP address that
is chosen dynamically from those addresses available in the configured
pool. Therefore, a translated IP address that is reserved is not
available for any other source IP address until the reservation expires
because a new session has not started. The timer is reset each time
a new session for a source IP/translated IP mapping begins, after
a period when no sessions were active.
By default, no addresses
are reserved. You can reserve Dynamic IP NAT addresses for the firewall
or for a virtual system.
Reserve dynamic IP NAT addresses for
Enter the following commands:
set setting nat reserve-ip yes
set setting nat reserve-time
Reserve dynamic IP NAT addresses for a virtual system.
Enter the following commands:
setting nat reserve-ip yes
setting nat reserve-time
example, suppose there is a Dynamic IP NAT pool of 30 addresses
and there are 20 translations in progress when the
to 28800 seconds (8 hours). Those 20 translations are now reserved,
so that when the last session (of any application) that uses each
source IP/translated IP mapping expires, the translated IP address
is reserved for only that source IP address for 8 hours, in case
that source IP address needs translation again. Additionally, as
the 10 remaining translated addresses are allocated, they each are
reserved for their source IP address, each with a timer that begins
when the last session for that source IP address expires.
this manner, each source IP address can be repeatedly translated
to its same NAT address from the pool; another host will not be
assigned a reserved translated IP address from the pool, even if
there are no active sessions for that translated address.
a source IP/translated IP mapping has all of its sessions expire,
and the reservation timer of 8 hours begins. After a new session
for that translation begins, the timer stops, and the sessions continue
until they all end, at which point the reservation timer starts
again, reserving the translated address.
The reservation timer
remain in effect on the Dynamic IP NAT pool until you disable it
by entering the
set setting nat reserve-ip no
or you change the
to a different value.
CLI commands for reservations do not affect Dynamic IP and Port
(DIPP) or Static IP NAT pools.