-
Cisco IP Solution Center API Programmer Guide, 4.0
-
Index
-
About This Guide
-
Introduction to the ISC API
-
Getting Started
-
Common APIs
-
Using Templates
-
Monitoring APIs
-
MPLS Provisioning
-
L2VPN Provisioning
-
VPLS Provisioning
-
QoS Provisioning
-
IPsec Provisioning
-
NAT Provisioning
-
Firewall Provisioning
-
GUI to API Mapping
-
Implementing a Notification Server
-
Scripts
-
Feedback
Table Of Contents
Creating a NAT Service Request
NAT Provisioning
This feature is not supported in this release.
Network Address Translation (NAT) is used to translate IP addresses that are not globally unique into routable IP addresses. NAT provisioning with the Cisco IP Solution Center (ISC) supports network, host, or portion-based static translations, dynamic translations (including NAT and PAT) for both Internet-bound and site-to-site traffic, alternative IP address pools, port-to-port traffic redirect, and overlapping IP address spaces.
Use the ISC API to provision NAT services for the following network configurations:
•
Single site—A site with private addresses that require access to the Internet.
•
•
This chapter describes NAT service concepts and the steps required to provision NAT services using the ISC API. The provisioning example includes all steps from creating the inventory to auditing the service deployment.
For more information on NAT provisioning using ISC, refer to the Cisco IP Solution Center Integrated VPN Management Suite Security User Guide, 4.0.
This chapter contains the following sections:
NAT Service Requests
Unlike other ISC services, NAT provisioning does not require a service definition (policy). The service request alone creates the NAT configuration and delivers it to target devices.
A NAT service request consists of SRPeerIPAddressRanges, which are the peer IP address ranges for all devices in the service request, and NatLink, which defines the device-specific parameters. NatLink parameters include:
•
•
•
•
•
•
See the following example:
<objectPath xsi:type="ns1:CIMObjectPath"><className xsi:type="xsd:string">ServiceRequestDetails</className><properties xsi:type="ns1:CIMPropertyList"soapenc:arrayType="ns1:CIMProperty[]"><properties><objectPath xsi:type="ns1:CIMObjectPath"><className xsi:type="xsd:string">SRPeerIPAddressRanges</className><properties xsi:type="ns1:CIMPropertyList"soapenc:arrayType="ns1:CIMProperty[]"><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">IsExclusion</name><value xsi:type="xsd:string">true</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">IPAndSubnet</name><value xsi:type="xsd:string">122.133.144.155/24</value></item></properties></objectPath><objectPath xsi:type="ns1:CIMObjectPath"><className xsi:type="xsd:string">SRPeerIPAddressRanges</className><properties xsi:type="ns1:CIMPropertyList"soapenc:arrayType="ns1:CIMProperty[]"><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">IsExclusion</name><value xsi:type="xsd:string">false</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">IPAndSubnet</name><value xsi:type="xsd:string">166.177.188.199/32</value></item></properties></objectPath><objectPath xsi:type="ns1:CIMObjectPath"><className xsi:type="xsd:string">NatLink</className><properties xsi:type="ns1:CIMPropertyList"soapenc:arrayType="ns1:CIMProperty[]"><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">Cpe</name><value xsi:type="xsd:string">ensw2950-1</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">AddressOverlapping</name><value xsi:type="xsd:string">true</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">AutoTranslation</name><value xsi:type="xsd:string">false</value></item></properties><objectPath xsi:type="ns1:CIMObjectPath"><className xsi:type="xsd:string">NatAddrPool</className><properties xsi:type="ns1:CIMPropertyList"soapenc:arrayType="ns1:CIMProperty[]"><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">PoolType</name><value xsi:type="xsd:string">ALTERNATE</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">Overloading</name><value xsi:type="xsd:string">true</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">PoolName</name><value xsi:type="xsd:string">addrPoolNBI-One</value></item></properties></objectPath><objectPath xsi:type="ns1:CIMObjectPath"><className xsi:type="xsd:string">NatAddrPool</className><properties xsi:type="ns1:CIMPropertyList"soapenc:arrayType="ns1:CIMProperty[]"><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">PoolType</name><value xsi:type="xsd:string">PRIMARY</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">Overloading</name><value xsi:type="xsd:string">false</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">PoolName</name><value xsi:type="xsd:string">addrPoolNBI-Two</value></item></properties><objectPath xsi:type="ns1:CIMObjectPath"><className xsi:type="xsd:string">DynamicAddrTranslation</className><properties xsi:type="ns1:CIMPropertyList"soapenc:arrayType="ns1:CIMProperty[]"><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">FromInterface</name><value xsi:type="xsd:string">inside</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">FromPrefix</name><value xsi:type="xsd:string">168.122.34.1/24</value></item><name xsi:type="xsd:string">FromPrefix</name><value xsi:type="xsd:string">192.100.100.1/24</value></item> --><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">ToInterface</name><value xsi:type="xsd:string">outside</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">AlternativeTranslation</name><value xsi:type="xsd:string">false</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">OptionalCommand</name><value xsi:type="xsd:string">20</value></item></properties></objectPath></objectPath><objectPath xsi:type="ns1:CIMObjectPath"><className xsi:type="xsd:string">StaticAddrTranslation</className><properties xsi:type="ns1:CIMPropertyList"soapenc:arrayType="ns1:CIMProperty[]"><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">FromPort</name><value xsi:type="xsd:string">8088</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">FromIpAddress</name><value xsi:type="xsd:string">122.168.134.56</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">OptionalCommand</name><value xsi:type="xsd:string">9</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">ToPort</name><value xsi:type="xsd:string">8234</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">ToInterface</name><value xsi:type="xsd:string">7</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">AlternativeTranslation</name><value xsi:type="xsd:string">false</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">FromInterface</name><value xsi:type="xsd:string">4</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">InterfaceTranslation</name><value xsi:type="xsd:string">4</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">TransType</name><value xsi:type="xsd:string">PortBased</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">NetMask</name><value xsi:type="xsd:string">255.255.255.252</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">Protocol</name><value xsi:type="xsd:string">UDP</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">ToIpAddress</name><value xsi:type="xsd:string">10.10.10.2</value></item></properties></objectPath><objectPath xsi:type="ns1:CIMObjectPath"><className xsi:type="xsd:string">DevicePeerIPAddressRanges</className><properties xsi:type="ns1:CIMPropertyList"soapenc:arrayType="ns1:CIMProperty[]"><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">IsExclusion</name><value xsi:type="xsd:string">true</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">IPAndSubnet</name><value xsi:type="xsd:string">192.168.134.12/24</value></item></properties></objectPath><objectPath xsi:type="ns1:CIMObjectPath"><className xsi:type="xsd:string">TrafficRedirect</className><properties xsi:type="ns1:CIMPropertyList"soapenc:arrayType="ns1:CIMProperty[]"><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">ToInterface</name><value xsi:type="xsd:string">FastEthernet1</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">FromInterface</name><value xsi:type="xsd:string">FastEthernet2</value></item></properties><objectPath xsi:type="ns1:CIMObjectPath"><className xsi:type="xsd:string">TrafficPattern</className><properties xsi:type="ns1:CIMPropertyList"soapenc:arrayType="ns1:CIMProperty[]"><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">Action</name><value xsi:type="xsd:string">Permit</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">SourceNetwork</name><value xsi:type="xsd:string">192.168.134.12/24</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">SourceNetwork</name><value xsi:type="xsd:string">102.108.104.102/24</value></item><item xsi:type="ns1:CIMProperty"><name xsi:type="xsd:string">DestinationNetwork</name><value xsi:type="xsd:string">192.168.134.14/24</value></item></properties></objectPath></objectPath></objectPath></objectPath></objectPath></action>Provisioning Example
This section describes the process for using the API to provision NAT using XML examples, and includes the operation, object definition (className), and parameter definitions.
The complete list of XML examples for NAT are located at: http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/isc/4_0/api/apiref/examples/index.htm
Note
Preparing Inventory
Step 1
Every network element that ISC manages must be defined as a device in the system. An element is any device from which ISC can collect configuration information.
ISC supports these devices for NAT provisioning:
•
•
XML Examples:
•
•
Step 2
A customer is a requestor of VPN services. Each customer can contain multiple customer sites. Each site belongs to only one customer and can contain multiple CPEs.
Table 11-2 Create Organization
createInstance
Organization
•
XML Examples:
•
Step 3
Table 11-3 Create Sites
createInstance
Site
•
•
XML Examples:
•
Step 4
•
•
XML Examples:
•
Creating a NAT Service Request
NAT service requests do not require a service definition (policy). A NAT service request consists of the service request peer IP address ranges (the range for all devices in the service request), and the device specific parameters, defined in the NatLink object.
Table 11-5 Create a NAT Service Request
performBatchOperations
createInstance
ServiceOrder
•
•
•
•
ServiceRequest
•
•
•
ServiceRequestDetails
•
•
NatLink
•
•
•
•
•
•
–
•
Note
Note
XML Examples:
•
•
Auditing Service Requests
A configuration audit occurs automatically each time you deploy a service request. During this configuration audit, ISC verifies that all Cisco IOS commands are present and that they have the correct syntax. An audit also verifies that there were no errors during deployment by examining the commands configured by the service request on the target devices. If the device configuration does not match what is defined in the service request, the audit flags a warning and sets the service request to a Failed Audit or Lost state.
If you do not want the configuration audit to occur, change the value for the Audit parameter in the service request. The Audit parameter supports these values:
•
•
•
You can use the Audit parameter with a Create, Modify, or Decommission service request or a Deployment task. See the "Service Decommission" section for more information. To perform a configuration audit as a separate task see the "Tasks" section.
