SBC 1000/2000 4.1.x : Working with NAT and Port Forwarding


The SBC can function as the only edge device between the office LAN and the ISP-connected WAN. The SBC implements Network Address Translation (NAT), which provides internet connectivity between hosts on a local, private network and the public domain. NAT and port forwarding on the SBC 1000/2000 are configured independently. However, in most cases NAT is required in order to enable hosts on the private network to reach the external network.

Private vs. Public IP Addresses

Sonus recommends that you use non-routable address assignments; however, private non-routable addresses are not required. For more information about non-routable address assignments, see RFC 1918.

IPv4 vs IPv6

The NAT functionality of the SBC applies only to IPv4 Addresses.

Configuration Example

The following is an example of an SBC configured to function as an edge device with a private LAN and external WAN interfaces. In the illustrated example, PCs, IP phones, and servers with private IP addresses attached to Interface 1 on the SBC are able to communicate with the public network attached to Interface 2 when NAT is configured.


Address and Port Forwarding on the Sonus SBC 1000/2000

The Network Address Translation feature allows you to configure Network Address Port Translation (NAPT) and port forwarding (PF) independently. The SBC 1000/2000 system employs NAPT rather than basic NAT (see RFC 3022 for more information), so the SBC exposes only a single IP address (the Node IP Address) to the public network instead of a range of IP addresses.

If you intend to use both NAT and port forwarding, Sonus recommends that you first make sure that the NAT configuration is tested and working properly.

General Feature Configuration

The feature must be configured such that distinct private and public (external) networks are connected to separate Ethernet (ETH1 and ETH2) interfaces. The SBC logical interfaces are specified in the NAT Interface Table page of the UI. The private networks are all networks not connected to the external (public) interface.

Network devices and servers connected to the private network must be configured such that the SBC 1000/2000 private interface is specified as their gateway address.

Secondary IP Address Restrictions

Neither the internal (private) nor the external (public) network may be connected to a secondary IP address.

Access Control List (ACL) Restrictions

If you are using ACLs, you must ensure that the defined rules do not block the forwarded port connections. For more information about Access Control Lists on the Sonus SBC 1000/2000, see: Managing Access Control Lists.

Maximum Port Forwarding Entries

The Port Forwarding Table is limited to a maximum of 20 entries.

Internal Device Firewall Settings

When port forwarding is used, ensure that the firewall (if applicable) on the destination device or server allows traffic through the ports specified in the port forwarding table entry associated with the device's IP address.

Reserved TCP and UDP Ports

There are a number of ports that are reserved by the SBC for internal functions, none of which may be specified when configuring port forwarding. A list of reserved ports can be found on the Creating and Modifying Entries to the NAT Port Forward Table documentation page.
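The restrictions above (IPv4 only, the 20-entry limit, reserved ports) can be checked against a planned port forwarding table before it is entered in the UI. The following Python script is an added example, not Sonus code: the entry field names are hypothetical, the reserved-port set is a constructed placeholder that must be replaced with the vendor's list, and the duplicate check assumes that a single public address can map each protocol/port pair to only one host.

```python
import ipaddress

MAX_ENTRIES = 20  # Port Forwarding Table limit stated on this page
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_port_forwards(entries, reserved_ports):
    """Return (errors, warnings); reserved_ports is a set of (proto, port) pairs."""
    errors, warnings, seen = [], [], {}
    if len(entries) > MAX_ENTRIES:
        errors.append(f"{len(entries)} entries exceed the limit of {MAX_ENTRIES}")
    for i, e in enumerate(entries, 1):
        proto = str(e["proto"]).lower()
        if proto not in ("tcp", "udp"):
            errors.append(f"entry {i}: protocol must be tcp or udp")
        for field in ("public_port", "dest_port"):
            port = e[field]
            if not 1 <= port <= 65535:
                errors.append(f"entry {i}: {field} {port} out of range")
            elif (proto, port) in reserved_ports:
                errors.append(f"entry {i}: {field} {proto}/{port} is reserved by the SBC")
        # Assumption: with one public address (NAPT), a proto/port pair maps to one host.
        key = (proto, e["public_port"])
        if key in seen:
            errors.append(f"entry {i}: {proto}/{key[1]} already used by entry {seen[key]}")
        seen.setdefault(key, i)
        try:
            ip = ipaddress.ip_address(e["dest_ip"])
        except ValueError:
            errors.append(f"entry {i}: {e['dest_ip']!r} is not an IP address")
            continue
        if ip.version != 4:
            errors.append(f"entry {i}: NAT applies only to IPv4, got {ip}")
        elif not any(ip in net for net in RFC1918):
            warnings.append(f"entry {i}: {ip} is outside RFC 1918 space")
    return errors, warnings

# Constructed sample input; the reserved set is a placeholder, not the vendor's list.
SAMPLE_RESERVED = {("tcp", 65000)}
SAMPLE = [
    {"proto": "tcp", "public_port": 8443, "dest_ip": "192.168.10.20", "dest_port": 443},
    {"proto": "tcp", "public_port": 8443, "dest_ip": "192.168.10.21", "dest_port": 443},
    {"proto": "udp", "public_port": 5060, "dest_ip": "2001:db8::5", "dest_port": 5060},
    {"proto": "tcp", "public_port": 65000, "dest_ip": "203.0.113.9", "dest_port": 22},
]

if __name__ == "__main__":
    errs, warns = check_port_forwards(SAMPLE, SAMPLE_RESERVED)
    print("\n".join(["ERROR " + m for m in errs] + ["WARN  " + m for m in warns]))
```

A destination outside RFC 1918 space is reported as a warning rather than an error because private addressing is recommended but not required.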

Managing NAT Interface Tables
Managing Port Forwarding Tables