13.6 Dynamic NAT and dynamic PAT considerations
One NNMi management server can manage one dynamic NAT or dynamic PAT domain. All nodes in such a domain must belong to the same unique tenant. The NNMi management server must participate in a global network management environment as a regional manager. For details, see the example of a dynamic NAT configuration shown below.
If a regional manager is located behind a NAT firewall, its external (public) address must be static.
|
![[Figure]](GRAPHICS/F0000014.GIF)
To monitor multiple dynamic NAT and dynamic PAT domains, use NNMi's global network management feature. Tenants must be unique within the entire NNMi global network management configuration. For details, see the following figure for an example of a global network management configuration within a NAT environment.
|
![[Figure]](GRAPHICS/F0000075.GIF)
Devices that belong to the default tenant can have a Layer 2 connection to any device in any tenant. Devices within any tenant other than the default tenant can have a Layer 2 connection only to devices within the same tenant or the default tenant.
Assign all infrastructure devices that interconnect multiple NAT domains (such as the NAT gateway) to the default tenant. This ensures that NNMi displays the Layer 2 connections your workgroup (and customers) needs to see.
The devices in the default security group are displayed in all views. To control access to a device, assign that device to a security group that is not the default security group.
For details about global network management, see 15. Global Network Management. For details about configuring tenants, see Configure Tenants in NNMi Help.