F3215-HP Load Balancing Module Network Management Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

121

122

123

124

125

126

127

128

129

130

114

In general, this command is configured on an interface that serves as the egress of an internal network

and connects to the external network.

The device supports using an interface address as the external IP address of an internal server, which is

Easy IP. If you specify the current-interface keyword, the internal server uses the current primary IP

address of the current interface. If you use interface { interface-type interface-number } to specify an

interface, the interface must be an existing loopback interface and the current primary IP address of the

loopback interface is used.

HP recommends that if an internal server using Easy IP is configured on the current interface, the IP

address of this interface should not be configured as the external address of another internal server and

vice versa. This is because that the interface address that is referenced by the internal server using Easy

IP serves as the external address of the internal server.

In stateful failover networking, make sure you associate the public address of an internal server on an

interface with one VRRP group only. Otherwise, the system associates the public address with the VRRP

group having the highest group ID.

When the protocol type is not udp (with a protocol number of 17) or tcp (with a protocol number of 6),

you can configure one-to-one NAT between an internal IP address and an external IP address only, but

cannot specify port numbers.

Examples

# Allow external users to access the internal Web server 10.110.10.10 on the LAN through

http://202.110.10.10:8080, and the internal FTP server 10.110.10.11 in VPN vrf10 through

ftp://202.110.10.10. Assume that the interface GigabitEthernet 0/1 is connected to the external

network.

<Sysname> system-view

[Sysname] interface gigabitethernet 0/1

[Sysname-GigabitEthernet0/1] nat server protocol tcp global 202.110.10.10 8080 inside

10.110.10.10 www

[Sysname-GigabitEthernet0/1] quit

[Sysname] ip vpn-instance vrf10

[Sysname-vpn-instance] route-distinguisher 100:001

[Sysname-vpn-instance] vpn-target 100:1 export-extcommunity

[Sysname-vpn-instance] vpn-target 100:1 import-extcommunity

[Sysname-vpn-instance] quit

[Sysname] interface gigabitethernet 0/1

[Sysname-GigabitEthernet0/1] nat server protocol tcp global 202.110.10.10 21 inside

10.110.10.11 vpn-instance vrf10

# Allow external hosts to ping the host with an IP address of 10.110.10.12 in VPN vrf10 by using the ping

202.110.10.11 command.

<Sysname> system-view

[Sysname] interface gigabitethernet 0/1

[Sysname-GigabitEthernet0/1] nat server protocol icmp global 202.110.10.11 inside

10.110.10.12 vpn-instance vrf10

# Allow external hosts to access the Telnet services of internal servers 10.110.10.1 to 10.110.10.100 in VPN

vrf10 through the public address of 202.110.10.10 and port numbers from 1001 to 1100. As a result, a

user can Telnet to 202.110.10.10:1001 to access 10.110.10.1, Telnet to 202.110.10.10:1002 to access

10.110.10.2, and so on.

<Sysname> system-view

[Sysname] interface gigabitethernet 0/1