How to configure persistent NAT for DIPP
20027
Created On 05/17/23 19:40 PM - Last Modified 05/05/25 21:03 PM
Objective
To configure Persistent NAT for DIPP (Dynamic IP and Port)
Environment
- Palo Alto Firewalls
- PAN-OS 10.1.6 and greater for VM Product line
- PAN-OS 10.1.7 and greater - All other Firewalls
- Persistent NAT
Procedure
- To enable Persistent NAT for DIPP:
> set system setting persistent-dipp enable yes
- To disable Persistent NAT for DIPP:
> set system setting persistent-dipp enable no
- Once enabled or disabled, a system restart is required for the change to take effect:
> request restart system
- To verify the persistent NAT setting after the restart:
> show system setting persistent-dipp
Persistent DIPP : Enabled
> show system state | match persistent-dipp
cfg.nat.persistent-dipp: 1 (0 = Disabled; 1 = Enabled)
Note:
- The information is documented in the PAN-OS New Features Guide.
- If HA is configured, repeat this procedure on the other HA peer.
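The two verification commands above each produce a single status line, and the note requires the check to be repeated on every HA peer. The following Python script is added here as an example; it is not part of this article or of PAN-OS. It parses constructed copies of that command output, cross-checks the two commands against each other and reports peers that disagree with each other or with the expected state. The peer names and sample outputs are constructed; the script does not connect to a firewall, so you would collect the command output yourself and feed it in.

```python
import re

# Patterns for the two verification commands shown in the procedure.
SETTING_RE = re.compile(r"Persistent DIPP\s*:\s*(Enabled|Disabled)", re.IGNORECASE)
STATE_RE = re.compile(r"cfg\.nat\.persistent-dipp:\s*([01])")


def parse_persistent_dipp(show_setting: str, show_state: str) -> bool:
    """Return True if persistent DIPP is enabled according to BOTH commands.

    Raises ValueError when either output is unparseable or the two commands
    disagree, so an inconsistent firewall is surfaced instead of silently
    accepted.
    """
    m_setting = SETTING_RE.search(show_setting)
    m_state = STATE_RE.search(show_state)
    if not m_setting or not m_state:
        raise ValueError("could not find persistent-dipp status in command output")
    from_setting = m_setting.group(1).lower() == "enabled"
    from_state = m_state.group(1) == "1"
    if from_setting != from_state:
        raise ValueError(
            f"'show system setting' reports {m_setting.group(1)} but "
            f"'show system state' reports cfg.nat.persistent-dipp={m_state.group(1)}"
        )
    return from_state


def audit_ha_pair(outputs: dict[str, tuple[str, str]], expected: bool = True) -> list[str]:
    """Check every HA peer against the expected state and return a list of findings.

    `outputs` maps a peer name (constructed here) to the tuple
    (output of 'show system setting persistent-dipp',
     output of 'show system state | match persistent-dipp').
    """
    findings = []
    states = {}
    for peer, (show_setting, show_state) in outputs.items():
        try:
            states[peer] = parse_persistent_dipp(show_setting, show_state)
        except ValueError as exc:
            findings.append(f"{peer}: {exc}")
            continue
        if states[peer] != expected:
            findings.append(
                f"{peer}: persistent DIPP is {'enabled' if states[peer] else 'disabled'}, "
                f"expected {'enabled' if expected else 'disabled'}"
            )
    if len(set(states.values())) > 1:
        findings.append("HA peers disagree on persistent DIPP; repeat the procedure on the lagging peer")
    return findings


# Constructed sample output, modelled on the command output shown in the procedure.
SAMPLE_OUTPUTS = {
    "fw-a": ("Persistent DIPP : Enabled\n", "cfg.nat.persistent-dipp: 1\n"),
    "fw-b": ("Persistent DIPP : Disabled\n", "cfg.nat.persistent-dipp: 0\n"),
}

if __name__ == "__main__":
    for finding in audit_ha_pair(SAMPLE_OUTPUTS):
        print(finding)
```

Run against the constructed sample, the script reports that fw-b is disabled while fw-a is enabled and that the HA peers disagree, which is exactly the condition the note above warns about.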
Additional Information
- There are several types of source NAT; one of them is Dynamic IP and Port (DIPP).
- Applications such as VoIP and video that traverse DIPP NAT can require the STUN protocol. STUN assumes that the public IP address/port a client learns from the STUN server is the same one the NAT will use toward other destinations. By default, DIPP behaves as a symmetric NAT (a different translated port for each new destination), so the address learned via STUN is not usable by the peer. This is the compatibility issue that persistent NAT for DIPP addresses.
- When persistent NAT for DIPP is enabled, the binding of a private source IP address/port pair to a specific public (translated) source IP address/port pair persists for subsequent sessions that come in with the same original source IP address/port pair.
- The following example shows three sessions:
- In this example, original source IP address/port 10.1.1.5:2966 is bound to the translated source IP address/port 192.168.1.6:1077 in Session 1.
- The same binding is persistent in Session 2 and Session 3, which have the same original source IP address/port as Session 1, but different destination addresses.
- The persistence of the binding ends after all of the sessions for that source IP address/port pair have ended.
- In Session 1 of the example, the Destination port is 3478, the default STUN port.
- When persistent NAT for DIPP is enabled, it applies to all NAT and NAT64 rules subsequently configured; it is a global setting. Management plane or dataplane logs will indicate that NAT DIPP/STUN support has been enabled.
- Once enabled or disabled, the setting persists across unexpected reboots and upgrade/downgrade events of the firewall.
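The STUN incompatibility and the three-session binding example above are easier to see in a small model. The following Python script is added here as an illustration and is not code from the article or from PAN-OS. It models DIPP source NAT in both modes: without persistence, every new session gets a fresh translated port (what a symmetric NAT does for each new destination); with persistence, every session from the same original source IP/port reuses one translated IP/port until all of those sessions have ended. The inside host 10.1.1.5:2966, the public IP 192.168.1.6 with first port 1077 and the STUN port 3478 are taken from the article; the STUN server and peer addresses are constructed.

```python
import itertools
from dataclasses import dataclass

Addr = tuple  # (ip, port)


@dataclass
class Session:
    orig_src: Addr
    dst: Addr
    xlat_src: Addr


class DippNat:
    """Toy model of DIPP source NAT, with and without persistent bindings.

    Non-persistent mode hands out a fresh translated port for every new
    session, which is how a symmetric NAT treats each new destination.
    Persistent mode reuses the translated IP/port for every session from the
    same original source IP/port and drops the binding only when the last
    session using it has ended.
    """

    def __init__(self, public_ip: str, persistent: bool, first_port: int = 1024):
        self.public_ip = public_ip
        self.persistent = persistent
        self._ports = itertools.count(first_port)
        self._ids = itertools.count(1)
        self.sessions: dict[int, Session] = {}
        # orig_src -> [translated source, number of live sessions using it]
        self.bindings: dict[Addr, list] = {}

    def open(self, orig_src: Addr, dst: Addr) -> tuple[int, Addr]:
        """Create a session and return (session id, translated source)."""
        if self.persistent and orig_src in self.bindings:
            self.bindings[orig_src][1] += 1
            xlat = self.bindings[orig_src][0]
        else:
            xlat = (self.public_ip, next(self._ports))
            if self.persistent:
                self.bindings[orig_src] = [xlat, 1]
        sid = next(self._ids)
        self.sessions[sid] = Session(orig_src, dst, xlat)
        return sid, xlat

    def close(self, sid: int) -> None:
        """End a session; a persistent binding is released with its last session."""
        s = self.sessions.pop(sid)
        if self.persistent:
            entry = self.bindings[s.orig_src]
            entry[1] -= 1
            if entry[1] == 0:
                del self.bindings[s.orig_src]


# Constructed addresses for the walkthrough (the STUN server and peer are
# invented; the client and public IP/port follow the article's example).
CLIENT = ("10.1.1.5", 2966)
STUN_SERVER = ("203.0.113.10", 3478)
PEER = ("198.51.100.7", 5060)


def stun_check(persistent: bool) -> tuple[Addr, Addr, bool]:
    """Mimic a STUN exchange behind the NAT.

    Session 1 is the STUN binding request (the client learns its reflexive
    address); session 2 is media sent to the peer. Returns (address learned
    via STUN, address the peer actually sees, whether they match).
    """
    nat = DippNat("192.168.1.6", persistent=persistent, first_port=1077)
    _, reflexive = nat.open(CLIENT, STUN_SERVER)
    _, seen_by_peer = nat.open(CLIENT, PEER)
    return reflexive, seen_by_peer, reflexive == seen_by_peer


def binding_lifetime_demo() -> list[Addr]:
    """Three sessions share one binding; once all have ended, the next gets a new port."""
    nat = DippNat("192.168.1.6", persistent=True, first_port=1077)
    ids, xlats = [], []
    for dst in (STUN_SERVER, PEER, ("198.51.100.9", 5060)):
        sid, xlat = nat.open(CLIENT, dst)
        ids.append(sid)
        xlats.append(xlat)
    for sid in ids:
        nat.close(sid)
    _, after_all_closed = nat.open(CLIENT, PEER)
    return xlats + [after_all_closed]


if __name__ == "__main__":
    for mode in (False, True):
        print("persistent" if mode else "symmetric", stun_check(mode))
    print(binding_lifetime_demo())
```

In symmetric mode the client tells its peer to send to 192.168.1.6:1077, but the NAT maps the media session to 192.168.1.6:1078, so the peer's packets miss the mapping; in persistent mode both sessions share port 1077 and the STUN-learned address is correct. The lifetime demo reproduces the article's three-session example and shows that only after all three sessions have closed does a new session to the same inside IP/port get a different translated port.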