F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Configuration Guide-6PW100

An address pool is a set of consecutive public IP addresses used for dynamic NAT. A NAT gateway
selects addresses from the address pool and uses them as the translated source IP addresses.
To implement NAT for stateful failover (asymmetric-path), you must configure the same address pool on
both devices so that one device can take over when the other device fails. However, if the two devices
select the same IP address from their address pools and assign the same port number, the reverse sessions
on the two devices are the same. As a result, the devices cannot back up session data.
To solve the problem, the low-priority address pool attribute is introduced to NAT. Configure a
non-low-priority address pool on one device and a low-priority address pool on the other device.
The two address pools have the same address range but different port number ranges, so that the
devices can back up session data.
For more information about stateful failover, see High Availability Configuration Guide.
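
The collision described above, as an added Python model (not code from the guide or the device). The NatGateway class, the sequential allocator, the sample addresses and the port split are assumptions, because the guide does not state the actual port ranges.

```python
import ipaddress

def pool_addresses(start, end):
    """Expand a pool of consecutive addresses (the guide allows at most 255)."""
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    count = int(last) - int(first) + 1
    if not 1 <= count <= 255:
        raise ValueError("an address pool holds 1 to 255 consecutive addresses")
    return [first + i for i in range(count)]

class NatGateway:
    """Hypothetical NAPT allocator: hands out (public IP, port) pairs in order."""
    def __init__(self, name, pool, ports):
        self.name = name
        self.free = ((ip, port) for ip in pool for port in ports)
        self.reverse = {}  # reverse-session key -> private endpoint

    def translate(self, proto, src, dst):
        pub = next(self.free)
        key = (proto, dst, pub)  # how return traffic dst -> pub is matched
        self.reverse[key] = src
        return key

def backup_conflicts(a, b):
    """Reverse-session keys present on both peers with different owners."""
    return sorted((k for k in a.reverse if k in b.reverse
                   and a.reverse[k] != b.reverse[k]), key=str)

def simulate(ports_a, ports_b, flows=3):
    pool = pool_addresses("198.51.100.1", "198.51.100.2")  # constructed sample
    a, b = NatGateway("A", pool, ports_a), NatGateway("B", pool, ports_b)
    server = (ipaddress.IPv4Address("203.0.113.10"), 443)
    for i in range(flows):
        a.translate("tcp", (f"10.0.1.{i + 1}", 40000), server)
        b.translate("tcp", (f"10.0.2.{i + 1}", 40000), server)
    return backup_conflicts(a, b)

# Assumed port split; the guide does not state the actual ranges.
SHARED = range(1024, 65536)
HIGH_PRIORITY, LOW_PRIORITY = range(1024, 33280), range(33280, 65536)

if __name__ == "__main__":
    print("same port range:", len(simulate(SHARED, SHARED)), "conflicts")
    print("split port range:", len(simulate(HIGH_PRIORITY, LOW_PRIORITY)), "conflicts")
```

With one shared port range, every flow on device A has a reverse-session key that device B already uses for a different private host; with the split ranges the key sets are disjoint.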
Configuration guidelines
• An address pool can contain a maximum of 255 addresses.
• On certain types of devices, an address pool cannot include addresses in other address pools, IP
addresses of interfaces with Easy IP enabled, or public addresses of internal servers.
• Low-priority address pools cannot include addresses in non-low-priority address pools, external IP
addresses for one-to-one NAT, or public addresses of internal servers.
• The address pool, dynamic NAT, static NAT, and internal server configurations can be modified
through Web pages. The modification you make takes effect after the former configuration is
removed by the system.
Configuring NAT in the Web interface
Recommended configuration procedure
Configuring dynamic NAT
Task                                  Remarks
Creating an address pool              Required for NAPT and NO-PAT modes.
Configuring dynamic NAT               Required.
Configuring static NAT
Task                                  Remarks
Creating a static address mapping     Required. Static NAT supports two modes, one-to-one and net-to-net.
Enabling static NAT on an interface   Required.