R3166-R3206-HP High-End Firewalls NAT and ALG Configuration Guide-6PW101
Configuring address translation
Introduction to address translation
A NAT device can be configured with mappings, or can generate them dynamically, to translate between internal
and external network addresses. Address translation can be classified into static and dynamic NAT.
• Static NAT
Mappings between external and internal network addresses are manually configured. Static NAT can
meet fixed access requirements of a few users.
• Dynamic NAT
A dynamic NAT entry is generated dynamically. Dynamic NAT is implemented by associating an ACL
with an address pool (or the address of an interface in the case of Easy IP). This association defines what
packets can use the addresses in the address pool (or the interface’s address) to access the external
network. Dynamic NAT is applicable to the network environment where a large number of internal users
need to access external networks. An IP address is selected from the associated address pool to translate
an outgoing packet. After the session terminates, the selected IP address is released.
Both static NAT and dynamic NAT support NAT multiple-instance as long as the VPN instance of an IP
address is provided.
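The following sketch is an added example, not code from this guide or from the device: a small Python model of the two mapping types described above, with a fixed static table and an ACL-gated address pool whose addresses are released when a session ends. The class and method names, the rule that static entries are checked first, the behaviour when the pool is empty, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

class NatModel:
    """Toy model: static one-to-one mappings plus ACL-gated dynamic pools."""

    def __init__(self):
        self.static = {}    # internal IP -> external IP, manually configured
        self.rules = []     # (permitted source network, free pool addresses)
        self.sessions = {}  # internal IP -> (borrowed external IP, its pool)

    def add_static(self, local_ip, global_ip):
        self.static[local_ip] = global_ip

    def add_dynamic(self, permit_net, pool):
        # The "ACL" is reduced to one permitted source network (assumption).
        self.rules.append((ipaddress.ip_network(permit_net), list(pool)))

    def translate_outbound(self, src):
        if src in self.static:            # assumption: static entries win
            return self.static[src]
        if src in self.sessions:          # session already holds an address
            return self.sessions[src][0]
        for net, free in self.rules:
            if ipaddress.ip_address(src) in net:
                if not free:
                    return None           # pool exhausted (model behaviour)
                self.sessions[src] = (free.pop(0), free)
                return self.sessions[src][0]
        return None                       # no ACL match: packet not translated

    def end_session(self, src):
        # Session teardown releases the borrowed address back to its pool.
        addr, free = self.sessions.pop(src, (None, None))
        if addr is not None:
            free.append(addr)

if __name__ == "__main__":
    # Constructed sample addresses (documentation and private ranges).
    nat = NatModel()
    nat.add_static("10.0.0.5", "198.51.100.5")
    nat.add_dynamic("10.0.1.0/24", ["198.51.100.10", "198.51.100.11"])
    for host in ("10.0.0.5", "10.0.1.1", "10.0.1.2", "10.0.1.3", "10.0.9.9"):
        print(host, "->", nat.translate_outbound(host))
    nat.end_session("10.0.1.1")
    print("10.0.1.3 ->", nat.translate_outbound("10.0.1.3"))
```

In this model the permitted source network is the only thing that decides which internal hosts can borrow a public address, which is why the ACL bound to a pool deserves the same review as any other egress rule.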
Configuring static NAT
Configure static NAT mappings in system view, and then enable them in interface view.
Static NAT supports two modes: one-to-one and net-to-net. At present, the device supports one-to-one only.
Configuring one-to-one static NAT:
One-to-one static NAT translates a private IP address into a public IP address.
Follow these steps to configure one-to-one static NAT:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure a one-to-one static NAT mapping | nat static [ acl-number ] local-ip [ vpn-instance local-name ] global-ip | Required |
| Enter interface view | interface interface-type interface-number | — |
| Enable static NAT on the interface | nat outbound static [ track vrrp virtual-router-id ] | Required. Support for track vrrp virtual-router-id depends on the device model. |
Configuring dynamic NAT
Dynamic NAT is usually implemented by associating an ACL with an address pool (or the address of an
interface) on an interface.
• To select the address of an interface as the translated address, use Easy IP.
• To select an address from an address pool as the translated address, use No-PAT or NAPT for
dynamic address translation. No-PAT is used in many-to-many address translation but does not