F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices NAT and ALG Configuration Guide-6PW100
Table Of Contents
- Title Page
- Table of Contents
- Configuring NAT
- Overview
- Configuration guidelines
- Configuring NAT in the Web interface
- Recommended configuration procedure
- Creating an address pool
- Configuring dynamic NAT on an interface
- Creating a static address mapping
- Enabling static NAT on an interface
- Configuring an internal server
- Configuring ACL-based NAT on the internal server
- Configuring DNS mapping
- NAT configuration example
- Internal server configuration example
- Configuring NAT at the CLI
- NAT configuration task list
- Configuring static NAT
- Configuring dynamic NAT
- Configuring an internal server
- Configuring ACL-based NAT on an internal server
- Configuring DNS mapping
- Displaying and maintaining NAT
- One-to-one static NAT configuration example
- Dynamic NAT configuration example
- Common internal server configuration example
- NAT DNS mapping configuration example
- Troubleshooting NAT
- Configuring NAT-PT
- Feature and hardware compatibility
- Overview
- NAT-PT configuration task list
- Configuration prerequisites
- Enabling NAT-PT
- Configuring a NAT-PT prefix
- Configuring IPv4/IPv6 address mappings on the IPv6 side
- Configuring IPv4/IPv6 address mappings on the IPv4 side
- Setting the ToS field after NAT-PT translation
- Setting the traffic class field after NAT-PT translation
- Configuring static NAPT-PT mappings of IPv6 servers
- Displaying and maintaining NAT-PT
- NAT-PT configuration examples
- Troubleshooting NAT-PT
- NAT444
- Configuring ALG
- Support and other resources
- Index
67
Figure 57 Network diagram
153BConfiguration procedure
This section describes ALG configuration only, assuming that other required configurations on the server
and client have been done.
# Configure the address pool and ACL.
<Firewall> system-view
[Firewall] nat address-group 1 5.5.5.9 5.5.5.11
[Firewall] acl number 2001
[Firewall-acl-basic-2001] rule permit source 192.168.1.0 0.0.0.255
[Firewall-acl-basic-2001] rule deny
[Firewall-acl-basic-2001] quit
# Enable ALG for SIP.
[Firewall] alg sip
# Configure NAT.
[Firewall] interface gigabitethernet 0/2
[Firewall-GigabitEthernet0/2] nat outbound 2001 address-group 1
98BNBT ALG configuration example
154BNetwork requirements
As shown in 288HFigure 58, a company using the private network segment 192.168.1.0/24 wants to provide
NBT services to the outside.
Configure NAT and ALG on the firewall so that Host A uses 5.5.5.9 as its external IP address, the WINS
server uses 5.5.5.10 as its external IP address, and Host B can access the WINS server and Host A by
using host names.
Figure 58 Network diagram