F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Configuration Guide-6PW100
Table Of Contents
- Title Page
- Table of Contents
- Configuring NAT
- Overview
- Configuration guidelines
- Configuring NAT in the Web interface
- Recommended configuration procedure
- Creating an address pool
- Configuring dynamic NAT on an interface
- Creating a static address mapping
- Enabling static NAT on an interface
- Configuring an internal server
- Configuring ACL-based NAT on the internal server
- Configuring DNS mapping
- NAT configuration example
- Internal server configuration example
- Configuring NAT at the CLI
- NAT configuration task list
- Configuring static NAT
- Configuring dynamic NAT
- Configuring an internal server
- Configuring ACL-based NAT on an internal server
- Configuring DNS mapping
- Displaying and maintaining NAT
- One-to-one static NAT configuration example
- Dynamic NAT configuration example
- Common internal server configuration example
- NAT DNS mapping configuration example
- Troubleshooting NAT
- Configuring NAT-PT
- Feature and hardware compatibility
- Overview
- NAT-PT configuration task list
- Configuration prerequisites
- Enabling NAT-PT
- Configuring a NAT-PT prefix
- Configuring IPv4/IPv6 address mappings on the IPv6 side
- Configuring IPv4/IPv6 address mappings on the IPv4 side
- Setting the ToS field after NAT-PT translation
- Setting the traffic class field after NAT-PT translation
- Configuring static NAPT-PT mappings of IPv6 servers
- Displaying and maintaining NAT-PT
- NAT-PT configuration examples
- Troubleshooting NAT-PT
- NAT444
- Configuring ALG
- Support and other resources
- Index
9
Figure 7 Adding Dynamic NAT page
3. Configure dynamic NAT on an interface as described in 237HTable 2.
4. Click Apply.
Table 2 Configuration items
Item Descri
p
tion
Interface Specify an interface on which dynamic NAT is to be enabled.
ACL
Specify an ACL for dynamic NAT.
You cannot associate an ACL with multiple NAT address pools, or associate an ACL
with both Easy IP and an address pool.
IMPORTANT:
On some devices, the rules of an ACL applied on an interface cannot conflict with one
another, that is, rules with the same source IP address, destination IP address, and VPN
instance are considered as a conflict. In a basic ACL (numbering 2000 to 2999), rules
with the same source IP address and VPN instance are considered as a conflict.
Address Transfer
Select an address translation mode:
• PAT—Refers to NAPT. In this mode, associating an ACL with an address pool
translates both IP addresses and port numbers.
• No-PAT—Refers to many-to-many NAT. In this mode, associating an ACL with an
address pool translates only IP addresses.
• Easy IP—In this mode, the NAT gateway directly uses an interface's public IP
address as the translated IP address, and uses an ACL to match IP packets.
Only one mode can be selected for an address pool.
Address Pool Index
Specify the index of a NAT address pool for dynamic NAT.
The NAT address pool must have been configured through NAT address
configuration.
If Easy IP is selected for Address Transfer, you do not need to enter an address pool
index.
Global VPN Instance
Specify the name of the instance to which the external IP addresses (that is, the NAT
address pool) belong.