F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Configuration Guide-6PW100
Table Of Contents
- Title Page
- Table of Contents
- Configuring NAT
- Overview
- Configuration guidelines
- Configuring NAT in the Web interface
- Recommended configuration procedure
- Creating an address pool
- Configuring dynamic NAT on an interface
- Creating a static address mapping
- Enabling static NAT on an interface
- Configuring an internal server
- Configuring ACL-based NAT on the internal server
- Configuring DNS mapping
- NAT configuration example
- Internal server configuration example
- Configuring NAT at the CLI
- NAT configuration task list
- Configuring static NAT
- Configuring dynamic NAT
- Configuring an internal server
- Configuring ACL-based NAT on an internal server
- Configuring DNS mapping
- Displaying and maintaining NAT
- One-to-one static NAT configuration example
- Dynamic NAT configuration example
- Common internal server configuration example
- NAT DNS mapping configuration example
- Troubleshooting NAT
- Configuring NAT-PT
- Feature and hardware compatibility
- Overview
- NAT-PT configuration task list
- Configuration prerequisites
- Enabling NAT-PT
- Configuring a NAT-PT prefix
- Configuring IPv4/IPv6 address mappings on the IPv6 side
- Configuring IPv4/IPv6 address mappings on the IPv4 side
- Setting the ToS field after NAT-PT translation
- Setting the traffic class field after NAT-PT translation
- Configuring static NAPT-PT mappings of IPv6 servers
- Displaying and maintaining NAT-PT
- NAT-PT configuration examples
- Troubleshooting NAT-PT
- NAT444
- Configuring ALG
- Support and other resources
- Index
33
[Firewall] quit
135BVerifying the configuration
# After completing the configurations, display the DNS mapping configuration information.
<Firewall> display nat dns-map
NAT DNS mapping information:
There are currently 2 NAT DNS mapping(s)
Domain-name: www.server.com
Global-IP : 202.38.1.2
Global-port: 80(www)
Protocol : 6(TCP)
Domain-name: ftp.server.com
Global-IP : 202.38.1.2
Global-port: 21(ftp)
Protocol : 6(TCP)
Host A and Host B can use the domain name www.server.com to access the Web server, and use
ftp.server.com to access the FTP server.
10B
Troubleshooting NAT
66BSymptom 1
Abnormal translation of IP addresses.
67BSolution
1. Enable debugging for NAT. Try to locate the problem based on the debugging display.
2. Use other commands, if necessary, to further identify the problem. Pay special attention to the
source address after the address translation and make sure this address is the address that you
intend to change to. If not, there may be an address pool bug.
3. Make sure a route is available between the destination network and the address pool segment.
4. Be aware of the possible effects that the firewall or the ACLs have to NAT, and also note the route
configurations.
68BSymptom 2
The internal server functions abnormally.
69BSolution
1. Verify that the internal server host is properly configured.
2. Verify the router is correctly configured with respect to the internal server parameters, such as the
internal server IP address.
3. Use the display acl command to verify that the firewall permits external access to the internal
network. For more information about firewall, see Attack Protection Configuration Guide.