Manualshelf

R3166-R3206-HP High-End Firewalls NAT and ALG Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
11121314151617181920
9
Use the undo nat dns-map command to remove a DNS mapping.
The maximum number of DNS mappings is 16.
Related commands: display nat dns-map.
Examples
# A company provides Web service to external users. The domain name of the internal server is
www.server.com, and the public IP address is 202.112.0.1. Configure a DNS mapping, so that internal
users can access the Web server using its domain name.
<Sysname> system-view
[Sysname] nat dns-map domain www.server.com protocol tcp ip 202.112.0.1 port www
nat outbound
Syntax
nat outbound [ acl-number ] [ address-group group-number [ no-pat ] ] [ track vrrp virtual-router-id ]
undo nat outbound [ acl-number ] [ address-group group-number ] [ no-pat ] ] [ track vrrp
virtual-router-id ]
View
Interface view
Default level
2: System level
Parameters
acl-number: ACL number, in the range 2000 to 3999.
address-group group-number: Specifies an address pool for NAT, in the range from 0 to 255.. If no
address pool is specified, the IP address of the interface will be used as the translated IP address, that is,
Easy IP is enabled.
no-pat: Indicates that no many-to-many NAT is implemented. If this keyword is not configured,
many-to-one NAT is implemented using the TCP/UDP port information.
track vrrp virtual-router-id: Associates address translation on a specified outbound interface with a VRRP
group. The virtual-router-id argument indicates the number of the VRRP group, in the range of 1 to 255.
Without this argument specified, no VRRP group is associated.
Description
Use the nat outbound command or the nat outbound acl-number command to associate an ACL with the
IP address of the interface and enable Easy IP.
Use the nat outbound acl-number address-group group-number no-pat command to associate an ACL
with an IP address pool for translation of only the IP address and enable many-to-many NAT.
Use the nat outbound address-group group-number command or the nat outbound acl-number
address-group group-number command to associate an ACL with an IP address pool for translation of
both the IP address and port number and enable NAPT.
Use the undo nat outbound command to remove an association.
If the acl-number argument is specified, a packet matching the associated ACL will be serviced by NAT.
If the acl-number argument is not specified, a packet whose source IP address is not the IP address of the
outbound interface will be serviced by NAT.