F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Configuration Guide-6PW100
Table Of Contents
- Title Page
- Table of Contents
- Configuring NAT
- Overview
- Configuration guidelines
- Configuring NAT in the Web interface
- Recommended configuration procedure
- Creating an address pool
- Configuring dynamic NAT on an interface
- Creating a static address mapping
- Enabling static NAT on an interface
- Configuring an internal server
- Configuring ACL-based NAT on the internal server
- Configuring DNS mapping
- NAT configuration example
- Internal server configuration example
- Configuring NAT at the CLI
- NAT configuration task list
- Configuring static NAT
- Configuring dynamic NAT
- Configuring an internal server
- Configuring ACL-based NAT on an internal server
- Configuring DNS mapping
- Displaying and maintaining NAT
- One-to-one static NAT configuration example
- Dynamic NAT configuration example
- Common internal server configuration example
- NAT DNS mapping configuration example
- Troubleshooting NAT
- Configuring NAT-PT
- Feature and hardware compatibility
- Overview
- NAT-PT configuration task list
- Configuration prerequisites
- Enabling NAT-PT
- Configuring a NAT-PT prefix
- Configuring IPv4/IPv6 address mappings on the IPv6 side
- Configuring IPv4/IPv6 address mappings on the IPv4 side
- Setting the ToS field after NAT-PT translation
- Setting the traffic class field after NAT-PT translation
- Configuring static NAPT-PT mappings of IPv6 servers
- Displaying and maintaining NAT-PT
- NAT-PT configuration examples
- Troubleshooting NAT-PT
- NAT444
- Configuring ALG
- Support and other resources
- Index
49
Ste
p
Command
Remarks
1. Enter system view. system-view N/A
2. Configure a NAT444
static IP-port mapping.
nat444 static local local-start-address
local-end-address [ vpn-instance local-name ]
global global-start-address global-end-address
port-range port-range-start port-range-end
block-size block-size
The command takes effect
globally.
3. Enter interface view.
interface interface-type interface-number N/A
4. Enable static NAT444
on the interface to
make the static IP-port
mapping take effect.
nat outbound static
The command applies to
the interface.
To configure a NAT444 static IP-port mapping in interface view:
Ste
p
Command
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Configure a NAT444 static IP-port
mapping.
nat444 static local local-start-address local-end-address
[ vpn-instance local-name ] global global-start-address
global-end-address port-range port-range-start port-range-end
block-size block-size
4. Enable static NAT444 on the
interface to make the static IP-port
mapping take effect.
nat outbound static
30B
Configuring NAT444 dynamic IP-port mappings
NAT444 dynamic IP-port mappings combine traditional dynamic NAT associations (configured with nat
outbound acl) and NAT444 static IP-port mappings. When an internal user accesses the Internet,
NAT444 translates the source addresses of the outbound packets permitted by the associated ACL.
NAT444 assigns a dynamic IP port block from the associated public address pool to the user for the first
connection. For the following connections of the user, the public port is obtained from the assigned port
block for the source address's translation. When all connections from the user are closed, the assigned
IP-port block is released.
Associate an ACL with an address pool on an interface to enable dynamic NAT444.
Configure dynamic NAT444 on the outbound interface of a NAT device, and if needed, configure it on
multiple outbound interfaces for an internal host.
88BConfiguration prerequisites
• Configure an ACL to specify IP addresses permitted to be translated.
• Configure a public IP address pool for address translation.
For configurations about ACL, address pool, and address group, see Access Control Configuration
Guide and "Configuring NAT".