F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Command Reference-6PW100

For some devices, the ACL rules referenced by the same interface cannot conflict. That is, the source IP
address, destination IP address, and VPN instance information in two ACL rules cannot be the same. For
basic ACLs (numbered from 2000 to 2999), if the source IP address and VPN instance information in
two ACL rules are the same, a conflict occurs.
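An offline audit for the conflict rule above, as an added example that is not part of the HP reference. It assumes configuration text in display current-configuration style, treats "the same" as identical address/wildcard strings, and reads an omitted source, destination or VPN instance as any; the sample configuration and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in "display current-configuration" style (not from the page).
SAMPLE = """\
acl number 2001
 rule 0 permit source 10.110.10.0 0.0.0.255
acl number 2002
 rule 0 permit source 10.110.10.0 0.0.0.255
 rule 5 permit source 10.110.20.0 0.0.0.255 vpn-instance vpn1
acl number 3001
 rule 0 permit ip source 10.110.20.0 0.0.0.255 destination 192.0.2.0 0.0.0.255
interface GigabitEthernet0/1
 nat outbound 2001 address-group 1
 nat outbound 2002
 nat outbound 3001 address-group 2
"""

def field(rule, keyword, width):
    """Return the `width` tokens after `keyword`; 'any' if absent or literal any."""
    toks = rule.split()
    if keyword not in toks:
        return "any"
    i = toks.index(keyword) + 1
    return "any" if toks[i] == "any" else " ".join(toks[i:i + width])

def find_conflicts(config):
    """List (interface, acl_a, acl_b, key) for rules sharing source/destination/VPN.

    Basic ACLs (2000-2999) carry no destination, so theirs is read as 'any'
    (assumption), which reduces the key to source plus VPN instance.
    """
    acls, refs, ctx = defaultdict(list), defaultdict(list), None
    for line in config.splitlines():
        s = line.strip()
        if m := re.match(r"acl number (\d+)", s):
            ctx = ("acl", int(m.group(1)))
        elif m := re.match(r"interface (\S+)", s):
            ctx = ("if", m.group(1))
        elif ctx and ctx[0] == "acl" and s.startswith("rule "):
            acls[ctx[1]].append(s)
        elif ctx and ctx[0] == "if" and (m := re.match(r"nat outbound (\d+)", s)):
            refs[ctx[1]].append(int(m.group(1)))
    conflicts = []
    for ifname, numbers in refs.items():
        seen = {}  # match key -> first ACL number that used it on this interface
        for num in numbers:
            for rule in acls[num]:
                key = tuple(field(rule, k, w) for k, w in (("source", 2), ("destination", 2), ("vpn-instance", 1)))
                if key in seen:
                    conflicts.append((ifname, seen[key], num, key))
                seen.setdefault(key, num)
    return conflicts
```

Running find_conflicts(SAMPLE) reports ACLs 2001 and 2002 on GigabitEthernet0/1, whose rules share source 10.110.10.0 0.0.0.255 with no VPN instance.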
Examples
# Configure NAT for hosts on subnet 10.110.10.0/24. The NAT address pool contains addresses
202.110.10.10 through 202.110.10.12. Assume that interface GigabitEthernet 0/1 is connected to the
Internet.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 10.110.10.0 0.0.0.255
[Sysname-acl-basic-2001] rule deny
[Sysname-acl-basic-2001] quit
# Configure address pool 1.
[Sysname] nat address-group 1 202.110.10.10 202.110.10.12
# Use addresses in address pool 1 as translated addresses and TCP/UDP port information.
[Sysname] interface gigabitethernet 0/1
[Sysname-GigabitEthernet0/1] nat outbound 2001 address-group 1
# Use addresses in address pool 1 as translated addresses without using TCP/UDP port information.
<Sysname> system-view
[Sysname] interface gigabitethernet 0/1
[Sysname-GigabitEthernet0/1] nat outbound 2001 address-group 1 no-pat
# Use the IP address of interface GigabitEthernet 0/1 as the translated address.
<Sysname> system-view
[Sysname] interface gigabitethernet 0/1
[Sysname-GigabitEthernet0/1] nat outbound 2001
nat outbound static
Use nat outbound static to enable static NAT on an interface, making the configured static NAT
mappings take effect.
Use undo nat outbound static to disable static NAT on the interface.
Syntax
nat outbound static [ track vrrp virtual-router-id ]
undo nat outbound static [ track vrrp virtual-router-id ]
Views
Interface view
Default command level
2: System level