Manualshelf

R3166-R3206-HP High-End Firewalls NAT and ALG Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
21222324252627282930
20
internal/external network information configurations, internal servers can be classified into common
internal servers and load sharing internal servers.
Both internal servers and their external IP addresses can support VPN. If an internal server belongs to an
VPN, you also need to specify the vpn-instance-name argument. Without this argument specified, the
internal server does not belong to any VPN.
2. Configuring a common internal server
After mapping the internal IP address/port number (local-address and local-port) of a common internal
server to an external IP address/port number (global-address and global-port), hosts in external
networks can access the server located in the internal network.
Follow these steps to configure a common internal server (III):
To do… Use the command…
Remarks
Enter system view system-view
Enter interface view
interface interface-type
interface-number
Configure a common internal server
nat server protocol pro-type
global { global-address |
current-interface | interface
interface-type interface-number }
[ global-port ] inside local-address
[ local-port ] [ vpn-instance
local-name ] [ track vrrp
virtual-router-id ]
Required
CAUTION:
The device supports using the interface address as the external address of an internal server, which is the
Easy IP feature. If you want to specify an interface, the interface must be a loopback interface and mus
t
already exist.
If you confi
g
ure an internal server usin
g
Easy IP but do not confi
g
ure an IP address for the interface, the
internal server configuration does not take effect.
Support for internal server using Easy IP depends on the device model.
Configuring DNS mapping
With DNS mapping, an internal host can access an internal server on the same private network by using
the domain name of the internal server when the DNS server resides on the public network.
Follow these steps to configure a DNS mapping:
To do… Use the command…
Remarks
Enter system view system-view
Configure a DNS mapping
nat dns-map domain
domain-name protocol pro-type ip
global-ip port global-port
Required
Setting NAT connection limits
For more information about NAT connection limits, see NAT and ALG Configuration Guide.