F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Configuration Guide-6PW100
Table Of Contents
- Title Page
- Table of Contents
- Configuring NAT
- Overview
- Configuration guidelines
- Configuring NAT in the Web interface
- Recommended configuration procedure
- Creating an address pool
- Configuring dynamic NAT on an interface
- Creating a static address mapping
- Enabling static NAT on an interface
- Configuring an internal server
- Configuring ACL-based NAT on the internal server
- Configuring DNS mapping
- NAT configuration example
- Internal server configuration example
- Configuring NAT at the CLI
- NAT configuration task list
- Configuring static NAT
- Configuring dynamic NAT
- Configuring an internal server
- Configuring ACL-based NAT on an internal server
- Configuring DNS mapping
- Displaying and maintaining NAT
- One-to-one static NAT configuration example
- Dynamic NAT configuration example
- Common internal server configuration example
- NAT DNS mapping configuration example
- Troubleshooting NAT
- Configuring NAT-PT
- Feature and hardware compatibility
- Overview
- NAT-PT configuration task list
- Configuration prerequisites
- Enabling NAT-PT
- Configuring a NAT-PT prefix
- Configuring IPv4/IPv6 address mappings on the IPv6 side
- Configuring IPv4/IPv6 address mappings on the IPv4 side
- Setting the ToS field after NAT-PT translation
- Setting the traffic class field after NAT-PT translation
- Configuring static NAPT-PT mappings of IPv6 servers
- Displaying and maintaining NAT-PT
- NAT-PT configuration examples
- Troubleshooting NAT-PT
- NAT444
- Configuring ALG
- Support and other resources
- Index
26
122BConfiguring NAT address pools
You can configure NAT address pools in two ways:
• Configure an address pool that consists of a set of consecutive addresses.
• Configure an address group that can contain several members. Each member specifies an address
pool that consists of a set of consecutive addresses. The address pools of members may not be
consecutive.
The NAT device selects an IP address from a specific NAT address pool as the source address of a
packet.
To configure an address pool:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Configure an address
pool.
nat address-group group-number start-address
end-address [ level level ]
Address pools must not
overlap.
To configure an address group:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create an address group and
enter its view.
nat address-group
group-number
N/A
3. Add a member to the address
group.
address start-address
end-address
The IP address pools of address group
members must not overlap with each other
or with other address pools.
123BConfiguring Easy IP
Easy IP allows the device to use the IP address of one of its interfaces as the source address of NATed
packets.
To configure Easy IP:
Ste
p
Command
1. Enter system view.
system-view
2. Enter interface view. interface interface-type interface-number
3. Enable Easy IP by associating an ACL with
the IP address of the interface.
nat outbound [ acl-number ] [ next-hop ip-address ] [ track
vrrp virtual-router-id ]
124BConfiguring No-PAT
With a specific ACL associated with an address pool or interface address, No-PAT translates the source
address of a packet permitted by the ACL into an IP address of the address pool or the interface address,
without using the port information.
To configure No-PAT: