Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Command Reference-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
21222324252627282930
20
undo nat server protocol pro-type global acl-number inside local-address [ local-port ] [ vpn-instance
local-name ]
Views
Interface view
Default command level
2: System level
Parameters
protocol pro-type: Specifies a protocol type. pro-type supports TCP, UDP, and ICMP. If ICMP is specified,
do not specify port number for the internal server.
acl-number: Number of an ACL, in the range of 2000 to 3999.
local-address: Internal IP address of the internal server.
local-port: Port number provided by the internal server, in the range of 0 to 65535, excluding FTP port
number 20.
You can use the service names to represent those well-known port numbers. For example, you can
use www to represent port number 80, ftp to represent port number 21, and so on.
You can use the keyword any to represent port number 0, which means all types of services are
supported. This has the same effect as a static translation between the global-address and
local-address.
vpn-instance local-name: Specifies the VPN to which the internal server belongs. The local-name
argument is a case-sensitive string of 1 to 31 characters. Without this parameter, the internal server does
not belong to any VPN.
Examples
# Create ACL 3000 to permit packets with the destination address 202.110.10.100/24. The address is
the public address of the internal server.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule permit ip destination 202.110.10.100 0.0.0.255
[Sysname-acl-adv-3000] quit
# Allow packets permitted by the ACL to access the internal Web server 192.168.0.1. Assume that the
interface GigabitEthernet 0/1 is connected to the external network.
[Sysname] interface gigabitethernet 0/1
[Sysname-GigabitEthernet0/1] nat server protocol tcp global 3000 inside 192.168.0.1 www
Related commands
display nat server
nat static
Use nat static to configure a one-to-one static NAT mapping.
Use undo nat static to remove a one-to-one static NAT mapping.
Syntax
nat static [ acl-number ] local-ip [ vpn-instance local-name ] global-ip [ vpn-instance global-name ]
undo nat static [ acl-number ] local-ip [ vpn-instance local-name ] global-ip [ vpn-instance global-name ]