F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Configuration Guide-6PW100
Table Of Contents
- Title Page
- Table of Contents
- Configuring NAT
- Overview
- Configuration guidelines
- Configuring NAT in the Web interface
- Recommended configuration procedure
- Creating an address pool
- Configuring dynamic NAT on an interface
- Creating a static address mapping
- Enabling static NAT on an interface
- Configuring an internal server
- Configuring ACL-based NAT on the internal server
- Configuring DNS mapping
- NAT configuration example
- Internal server configuration example
- Configuring NAT at the CLI
- NAT configuration task list
- Configuring static NAT
- Configuring dynamic NAT
- Configuring an internal server
- Configuring ACL-based NAT on an internal server
- Configuring DNS mapping
- Displaying and maintaining NAT
- One-to-one static NAT configuration example
- Dynamic NAT configuration example
- Common internal server configuration example
- NAT DNS mapping configuration example
- Troubleshooting NAT
- Configuring NAT-PT
- Feature and hardware compatibility
- Overview
- NAT-PT configuration task list
- Configuration prerequisites
- Enabling NAT-PT
- Configuring a NAT-PT prefix
- Configuring IPv4/IPv6 address mappings on the IPv6 side
- Configuring IPv4/IPv6 address mappings on the IPv4 side
- Setting the ToS field after NAT-PT translation
- Setting the traffic class field after NAT-PT translation
- Configuring static NAPT-PT mappings of IPv6 servers
- Displaying and maintaining NAT-PT
- NAT-PT configuration examples
- Troubleshooting NAT-PT
- NAT444
- Configuring ALG
- Support and other resources
- Index
46
3BNAT444
The device does not support stateful failover of the NAT444 feature.
NAT444 can be configured only at the CLI.
25B
Feature and hardware compatibility
Hardware NAT444
com
p
atible
F1000-A-EI/F1000-S-EI No
F1000-E No
F5000 No
Firewall module Yes
U200-A No
U200-S No
26B
Overview
NAT444 translates an IPv4 address to another IPv4 address to a third IPv4 address. Compared to
transition technologies like DS-lite, NAT64, 6RD, and dual stack, it costs less on the accessing devices
and services by only doubling the NAT at the carrier grade.
27B
Features
82BAssigning port blocks
NAT444 applies to the scenario where multiple users use a public address for accessing services and
solves the user tracing problem by assigning port blocks.
As shown in
274HFigure 34, after NAT444 translation, internal users at 10.1.1.1 and 10.1.1.2 use the same
public address but different port numbers for accessing Internet services.
Figure 34 Assigning port blocks