F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Configuration Guide-6PW100
Table Of Contents
- Title Page
- Table of Contents
- Configuring NAT
- Overview
- Configuration guidelines
- Configuring NAT in the Web interface
- Recommended configuration procedure
- Creating an address pool
- Configuring dynamic NAT on an interface
- Creating a static address mapping
- Enabling static NAT on an interface
- Configuring an internal server
- Configuring ACL-based NAT on the internal server
- Configuring DNS mapping
- NAT configuration example
- Internal server configuration example
- Configuring NAT at the CLI
- NAT configuration task list
- Configuring static NAT
- Configuring dynamic NAT
- Configuring an internal server
- Configuring ACL-based NAT on an internal server
- Configuring DNS mapping
- Displaying and maintaining NAT
- One-to-one static NAT configuration example
- Dynamic NAT configuration example
- Common internal server configuration example
- NAT DNS mapping configuration example
- Troubleshooting NAT
- Configuring NAT-PT
- Feature and hardware compatibility
- Overview
- NAT-PT configuration task list
- Configuration prerequisites
- Enabling NAT-PT
- Configuring a NAT-PT prefix
- Configuring IPv4/IPv6 address mappings on the IPv6 side
- Configuring IPv4/IPv6 address mappings on the IPv4 side
- Setting the ToS field after NAT-PT translation
- Setting the traffic class field after NAT-PT translation
- Configuring static NAPT-PT mappings of IPv6 servers
- Displaying and maintaining NAT-PT
- NAT-PT configuration examples
- Troubleshooting NAT-PT
- NAT444
- Configuring ALG
- Support and other resources
- Index
25
56BConfiguring static NAT
Static NAT supports NAT multiple-instance as long as the VPN instance of an IP address is provided.
Static NAT supports two modes: one-to-one and net-to-net.
119BConfiguring one-to-one static NAT
One-to-one static NAT translates a private IP address into a public IP address.
To configure one-to-one static NAT:
Ste
p
Command
1. Enter system view.
system-view
2. Configure a one-to-one static NAT
mapping.
nat static [ acl-number ] local-ip [ vpn-instance local-name ]
global-ip [ vpn-instance global-name ]
3. Enter interface view.
interface interface-type interface-number
4. Enable static NAT on the interface. nat outbound static [ track vrrp virtual-router-id ]
120BConfiguring net-to-net static NAT
Net-to-net static NAT translates a private network into a public network.
To configure net-to-net static NAT:
Ste
p
Command
1. Enter system view.
system-view
2. Configure a net-to-net static NAT mapping.
nat static [ acl-number ] net-to-net local-network
[ vpn-instance local-name ] global-network
[ vpn-instance global-name ] { mask-length | mask }
3. Enter interface view.
interface interface-type interface-number
4. Enable static NAT on the interface. nat outbound static [ track vrrp virtual-router-id ]
57BConfiguring dynamic NAT
Dynamic NAT support NAT multiple-instance as long as the VPN instance of an IP address is provided.
121BConfiguration prerequisites
• Configure an ACL to specify IP addresses permitted to be translated. For more information about
ACL, see Access Control Configuration Guide.
• Determine whether to use an interface's IP address as the translated source address.
{ To select the address of an interface as the translated address, use Easy IP.
{ To select an address from an address pool as the translated address, use No-PAT or NAPT for
dynamic address translation. No-PAT is used in many-to-many address translation but does not
translate TCP/UDP port numbers. NAPT allows for many-to-one address translation by
translating also TCP/UDP port numbers.
• Determine a public IP address pool for address translation.
• Determine whether to translate port information.