F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Configuration Guide-6PW100
Table Of Contents
- Title Page
- Table of Contents
- Configuring NAT
- Overview
- Configuration guidelines
- Configuring NAT in the Web interface
- Recommended configuration procedure
- Creating an address pool
- Configuring dynamic NAT on an interface
- Creating a static address mapping
- Enabling static NAT on an interface
- Configuring an internal server
- Configuring ACL-based NAT on the internal server
- Configuring DNS mapping
- NAT configuration example
- Internal server configuration example
- Configuring NAT at the CLI
- NAT configuration task list
- Configuring static NAT
- Configuring dynamic NAT
- Configuring an internal server
- Configuring ACL-based NAT on an internal server
- Configuring DNS mapping
- Displaying and maintaining NAT
- One-to-one static NAT configuration example
- Dynamic NAT configuration example
- Common internal server configuration example
- NAT DNS mapping configuration example
- Troubleshooting NAT
- Configuring NAT-PT
- Feature and hardware compatibility
- Overview
- NAT-PT configuration task list
- Configuration prerequisites
- Enabling NAT-PT
- Configuring a NAT-PT prefix
- Configuring IPv4/IPv6 address mappings on the IPv6 side
- Configuring IPv4/IPv6 address mappings on the IPv4 side
- Setting the ToS field after NAT-PT translation
- Setting the traffic class field after NAT-PT translation
- Configuring static NAPT-PT mappings of IPv6 servers
- Displaying and maintaining NAT-PT
- NAT-PT configuration examples
- Troubleshooting NAT-PT
- NAT444
- Configuring ALG
- Support and other resources
- Index
30
Figure 26 Network diagram
128BConfiguration procedure
# As shown in 253HFigure 26, configure the IP addresses for the interfaces. (Details not shown.)
# Configure a one-to-one static NAT mapping.
<Firewall> system-view
[Firewall] nat static 10.110.10.8 202.38.1.100
# Enable static NAT on interface GigabitEthernet 0/2.
[Firewall] interface gigabitethernet 0/2
[Firewall-GigabitEthernet0/2] nat outbound static
[Firewall-GigabitEthernet0/2] quit
63BDynamic NAT configuration example
129BNetwork requirements
As shown in 254HFigure 27, a company has three public IP addresses ranging from 202.38.1.1/24 to
202.38.1.3/24, and internal network address 10.110.0.0/16.
Figure 27 Network diagram
130BConfiguration procedure
# As shown in 255HFigure 27, configure the IP addresses for the interfaces. (Details not shown.)
# Configure address pool 1.
<Firewall> system-view
[Firewall] nat address-group 1 202.38.1.2 202.38.1.3
# Configure ACL 2001, permitting only users from network segment 10.110.10.0/24 to access the
Internet.
[Firewall] acl number 2001
[Firewall-acl-basic-2001] rule permit source 10.110.10.0 0.0.0.255
[Firewall-acl-basic-2001] rule deny
[Firewall-acl-basic-2001] quit