F3215-HP Load Balancing Module Network Management Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

121

122

123

124

125

126

127

128

129

130

117

Ste

Command

3. Configure No-PAT by associating an ACL with

an IP address pool on the outbound interface

for translating only IP addresses.

nat outbound acl-number address-group group-number

[ vpn-instance vpn-instance-name ] no-pat [ track vrrp

virtual-router-id ]

Configuring NAPT

With a specific ACL associated with an address pool or interface address, NAPT translates the source

address of a packet permitted by the ACL into an IP address of the address pool or the interface address,

with using the port information.

To configure NAPT:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter interface view.

interface interface-type

interface-number

N/A

3. Configure NAPT by

associating an ACL with an

IP address pool on the

outbound interface for

translating both IP address

and port number.

nat outbound acl-number

[ address-group group-number

[ vpn-instance vpn-instance-name ]

[ port-preserved ] ] [ track vrrp

virtual-router-id ]

If you specify the port-preserved

keyword, source port number does

not change.

If you do not specify the

port-preserved keyword, NAPT also

translates source port number.

Configuring an internal server

To configure an internal server, you need to map an external IP address and port number to the internal

server. This is done through executing the nat server command on an interface.

Internal server configurations include external network information (external IP address global-address

and external port number global-port), internal network information (internal IP address local-address

and internal port number local-port), and internal server protocol type.

Both internal servers and their external IP addresses can support VPN. If an internal server belongs to a

VPN, you also need to specify the vpn-instance-name argument. Without this argument specified, the

internal server does not belong to any VPN.

Configuring a common internal server

After mapping the internal IP address/port number (local-address and local-port) of a common internal

server to an external IP address/port number (global-address and global-port), hosts in external

networks can access the server located in the internal network.

The device supports using the interface address as the external address of an internal server, which is the

Easy IP feature. If you want to specify an interface, the interface must be a loopback interface and must

already exist.

If you configure an internal server using Easy IP but do not configure an IP address for the interface, the

internal server configuration does not take effect.

To configure a common internal server (1):