Manualshelf

R3166-R3206-HP High-End Firewalls NAT and ALG Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
11121314151617181920
12
protocol pro-type: Specifies a protocol type. pro-type supports TCP, UDP, and ICMP. If ICMP is specified,
do not specify port number for the internal server.
global-address: Public IP address for the internal server.
interface: Uses a specified interface address as the external IP address for the internal server, enabling
Easy IP.
interface-type interface-number: Specifies the interface type and interface number. Currently, only
loopback interface is supported and must be configured; otherwise the configuration is considered
illegal.
current-interface: Uses the current interface address as the external IP address for the internal server.
global-port: Global port number for the internal server, in the range 0 to 65535.
local-address: Internal IP address of the internal server.
vpn-instance local-name: Specifies the VPN to which the internal server belongs. The local-name
argument is a case-sensitive string of 1 to 31 characters. Without this parameter, the internal server does
no belong to any VPN.
track vrrp virtual-router-id: Associates the internal server with a VRRP group. The virtual-router-id
argument indicates the number of the VRRP group to be associated. Without this keyword and argument
combination specified, no VRRP group is associated.
Description
Use the nat server command to define an internal server.
Using the address and port defined by the global-address and global-port parameters, external users
can access the internal server with an IP address of local-address and a port of local-port.
Use the undo nat server command to remove the configuration.
Note that:
If one of the two arguments global-port and local-port is set to any, the other must also be any or
remain undefined.
Using this command, you can configure internal servers (such as Web, FTP, Telnet, POP3, and DNS
servers) to provide services for external users. An internal server can reside in an internal network
or an VPN.
The maximum number of internal server configuration commands is 255. The number of internal
servers that each command can define equals the difference between global-port2 and
global-port1. Up to 4096 internal servers can be configured on an interface. The system allows up
to 1024 internal server configuration commands.
In general, this command is configured on an interface that serves as the egress of an internal
network and connects to the external network.
Currently, the device supports using an interface address as the external IP address of an internal
server, which is Easy IP. If you specify the current-interface keyword, the internal server uses the
current primary IP address of the current interface. If you use interface { interface-type
interface-number } to specify an interface, the interface must be an existing loopback interface and
the current primary IP address of the loopback interface is used.
HP recommends that if an internal server using Easy IP is configured on the current interface, the IP
address of this interface should not be configured as the external address of another internal server;
vice versa. This is because that the interface address that is referenced by the internal server using
Easy IP serves as the external address of the internal server.