F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Command Reference-6PW100

Parameters
endpoint-independent: Specifies the endpoint-independent mapping behavior mode. In this mode, the
peer IP address and peer port are not considered in address translation.
acl acl-number: Specifies the ACL for matching a specific NAT mapping behavior mode. The acl-number
argument represents the ACL number in the range of 2000 to 3999.
Usage guidelines
For packets with the same source address and port number, the same NAT444 mapping applies so that
the source IP address and port number are mapped to the same external address and port number,
regardless of the destination addresses of the packets. The NAT444 gateway also allows external hosts
to access the internal network by using the translated external addresses and port numbers. This mode
facilitates communication among hosts that connect to different NAT444 gateways.
For packets with the same source address and source port number but different destination addresses
and destination port numbers, different NAT444 mappings apply so that the source address and port
number are mapped to the same external IP address but different port numbers. The NAT444 gateway
allows the hosts only on the corresponding external networks where these destination addresses reside
to access the internal network. This mode is secure but inconvenient for communication among hosts that
connect to different NAT444 gateways.
If an ACL is configured, NAT444 mapping in endpoint-independent mapping behavior mode applies only to
packets permitted by the ACL; all other packets use address and port-dependent mapping. If no ACL is
configured, NAT444 mapping in endpoint-independent mapping behavior mode applies to all packets.
Examples
# Apply the endpoint-independent mapping mode to all packets for address translation.
<Sysname> system-view
[Sysname] nat mapping-behavior endpoint-independent
# Apply the endpoint-independent mapping mode to FTP and HTTP packets, and the address and
port-dependent mapping mode to other packets for address translation.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule permit tcp destination-port eq 80
[Sysname-acl-adv-3000] rule permit tcp destination-port eq 21
[Sysname-acl-adv-3000] quit
[Sysname] nat mapping-behavior endpoint-independent acl 3000
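The two mapping behaviors and the ACL-based selection described above, modelled as a constructed Python simulation (added here; it is not vendor code, and the addresses, the port block start and the simplified inbound check are assumptions):

```python
from itertools import count


class Nat444Gateway:
    """Toy model of NAT444 endpoint-independent (EIM) vs address and
    port-dependent (APDM) mapping. Constructed illustration, not vendor code."""

    def __init__(self, external_ip, eim_acl=None):
        # eim_acl=None models 'no ACL configured': EIM applies to all packets.
        # Otherwise eim_acl is the set of (proto, dst_port) the ACL permits,
        # e.g. {("tcp", 80), ("tcp", 21)} for the ACL 3000 example above.
        self.external_ip = external_ip
        self.eim_acl = eim_acl
        self.mappings = {}            # internal key -> external port
        self.sessions = {}            # external port -> (mode, dst_ip, dst_port)
        self._ports = count(10000)    # assumed start of the external port block

    def acl_permits(self, proto, dst_port):
        return self.eim_acl is None or (proto, dst_port) in self.eim_acl

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate an outbound packet; return (external_ip, external_port, mode)."""
        if self.acl_permits(proto, dst_port):
            # EIM: the peer address and port are not part of the mapping key,
            # so the same source always gets the same external port.
            mode, key = "EIM", (src_ip, src_port)
        else:
            # APDM: a different destination yields a different mapping, hence a
            # different external port on the same external address.
            mode, key = "APDM", (src_ip, src_port, dst_ip, dst_port)
        if key not in self.mappings:
            self.mappings[key] = next(self._ports)
        ext_port = self.mappings[key]
        self.sessions[ext_port] = (mode, dst_ip, dst_port)
        return self.external_ip, ext_port, mode

    def inbound_allowed(self, peer_ip, peer_port, ext_port):
        """Would the gateway accept an inbound packet to ext_port from this peer?"""
        session = self.sessions.get(ext_port)
        if session is None:
            return False
        mode, dst_ip, dst_port = session
        if mode == "EIM":
            return True   # any external host may use the translated address:port
        # Simplification: APDM admits only the exact peer the mapping was created for
        return (peer_ip, peer_port) == (dst_ip, dst_port)
```

Running the simulation with the ACL from the second CLI example shows port 80 flows sharing one external port and reachable from any peer, while port 443 flows get one external port per destination and are reachable only from that destination.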
nat444 outbound
Use nat444 outbound to configure a NAT444 dynamic IP-port block mapping on the outbound interface
that serves as the egress of an internal network to the external network.
Use undo nat444 outbound to remove the NAT444 dynamic IP-port block mapping on the interface.
Syntax
nat444 outbound acl-number address-group group-number port-range port-range-start port-range-end block-size block-size
undo nat444 outbound acl-number
Views
Interface view