Quick reference for NAT discovery configuration

Use this information as a step-by-step guide to configuring a NAT discovery..

The steps are described in the following table.

Table 1. Quick reference for NAT discovery configuration
Action Using the GUI Using the command line

1. Configure the discovery to use network address translation. You can do this using the Discovery Configuration GUI, or using the command line.

Configuring NAT translation

Enabling NAT translation

2. Define each NAT gateway device and its corresponding address space. You can do this using the Discovery Configuration GUI, or using the command line.

Defining address spaces for NAT gateways

3. Seed the Ping finder with the IP address of each NAT gateway device.

Seeding discovery

Guidance for seeding a discovery
DiscoPingFinderSeeds.cfg configuration file

Guidance for seeding a NAT discovery
Seeding discovery with NAT gateway addresses

4. Define a scope zone for each NAT gateway device.
Note: You do not need to define a scope zone for any NAT Gateway devices whose IP address is already within any other scope zones defined for the discovery.
Note: Do not define an address space for the NAT gateway devices or for public subnet scopes. Address space can only be defined for private subnets.

Scoping discovery

Guidance for scoping a discovery
DiscoScope.cfg configuration file

Example: how to define a scope zone for a private NAT subnet
Defining a scope zone within a NAT domain

5. Define scope zones for the public subnets associated with each NAT address space.

Note: Do not define an address space for the NAT gateway devices or for public subnet scopes. Address space can only be defined for private subnets.
6. Where possible, define scope zones for the private subnet associated with each NAT address space.
Restriction: You can only define a scope zone for a private NAT address space where the subnet and netmask combination of the private subnet is unique within the discovery configuration.
Make the following settings when defining this scope:
  1. Uncheck the Add to Ping Seed List option. You must do this because private subnets are not pingable.
  2. Define an address space for this private subnet.
The advantages of adding a scope zone for each private NAT address space are as follows:
  • This ensures that only addresses in that private space are fed back during the discovery.
  • If the NAT Gateway device and the devices within the associated NAT address space are routers. then adding a scope zone for that private NAT address space limits the download of unnecessary routing data.
7. Enable NAT agents as follows:
  • For supported NAT Gateway devices, enable the CiscoNATTelnet or NATNetScreen agent.
  • For unsupported NAT Gateway devices, create a NAT mapping file and enable the NATTextFileAgent agent

Activating agents

Enabling agents for supported NAT gateway devices

Enabling agents for unsupported NAT gateway devices