NAT ALG (Application Level Gateways)

Hello Giovanni

NAT ALG on most (if not all) Cisco IOS routers is enabled by default. This means that you don’t actually have to do anything to configure it. The purpose of this lesson was to show how a router behaves with NAT ALG.

Now with or without NAT ALG, the actual NAT configuration does not change. You still configure it the same way. NAT ALG is actually configured using nat service commands. For example, if you were to disable NAT ALG for SIP (which is one of the most popular uses of ALG), you would issue the following command

no ip nat service sip udp port 5060

Notice that the NAT ALG configuration includes information such as the application layer protocol for which you want the config to function, as well as the transport layer protocol and the port being used. If you want to reenable the feature, you would simply issue the same command without the “no” keyword.

Depending on the capabilities of the IOS version and router, you can specify the service and the port that you want to enable/disable the feature for.

For more info on the enabling/disabling/configuration of ALG, take a look at this Cisco documentation.

I hope this has been helpful!

Laz

1 Like