R3166-R3206-HP High-End Firewalls NAT and ALG Configuration Guide-6PW101
2. Configure an ACL.
# Create a basic ACL.
• Select Firewall > ACL from the navigation tree and then on the page that appears, click Add.
• Type 2001 in the ACL Number text box.
• Click Apply.
# Create an ACL rule.
• Click the icon of ACL 2001 to enter the ACL rule configuration page. Then click Add.
• Select Permit as the operation.
• Select the Source IP Address check box, type 192.168.1.0 as the source IP address, and type 0.0.0.255 as the source wildcard.
• Click Apply.
• Click Add.
• Select Deny as the operation.
• Click Apply.
3. Configure dynamic NAT.
# Configure the address pool.
• Select Firewall > NAT Policy > Dynamic NAT from the navigation tree. In the Address Pool area,
click Add.
• Type 1 in the Index text box.
• Type 5.5.5.9 as the start IP address.
• Type 5.5.5.11 as the end IP address.
• Click Apply.
# Configure dynamic NAT.
• In the Dynamic NAT area, click Add.
• Select GigabitEthernet0/1.
• Type 2001 for the ACL field.
• Select PAT as the address translation.
• Type 1 as the address pool index.
• Click Apply.
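The following is an added example, not taken from the HP guide: a small Python model of which inside sources ACL 2001 selects for translation and how PAT maps them onto address pool 1. The names wildcard_match, acl_action and Pat are hypothetical, and first-match rule ordering and the port allocation policy are assumptions made for illustration.

```python
import ipaddress

# Values from the procedure above: ACL 2001 rules and address pool 1.
ACL_2001 = [
    ("permit", "192.168.1.0", "0.0.0.255"),
    ("deny", "0.0.0.0", "255.255.255.255"),  # rule with no source = any
]
POOL_1 = ("5.5.5.9", "5.5.5.11")


def wildcard_match(addr, base, wildcard):
    """A wildcard bit of 1 means "ignore this bit"; 0 means "must match"."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_action(acl, src):
    """First matching rule wins (assumption: rules are matched in config order)."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"  # assumption: no matching rule means not selected for NAT


class Pat:
    """Toy PAT table: many inside (ip, port) pairs share the pool addresses."""
    def __init__(self, acl, pool, first_port=1024):
        lo, hi = (int(ipaddress.IPv4Address(p)) for p in pool)
        self.acl = acl
        self.pool = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self.next_port = first_port
        self.table = {}

    def translate(self, src_ip, src_port):
        if acl_action(self.acl, src_ip) != "permit":
            return None  # ACL did not select this flow for translation
        key = (src_ip, src_port)
        if key not in self.table:
            # Constructed allocation policy: first pool address, next free port.
            self.table[key] = (self.pool[0], self.next_port)
            self.next_port += 1
        return self.table[key]


if __name__ == "__main__":
    nat = Pat(ACL_2001, POOL_1)
    for flow in [("192.168.1.10", 40000), ("192.168.1.77", 40000), ("192.168.2.10", 40000)]:
        print(flow, "->", nat.translate(*flow))
```

Running the same check against a planned ACL before applying it shows whether a wildcard typed as a subnet mask (255.255.255.0 instead of 0.0.0.255) would select unintended sources.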
NBT ALG configuration example
Network requirements
As shown in Figure 23, a company accesses the Internet through a firewall with NAT and ALG enabled.
The company provides NBT services to the outside. The inside network segment of the company is
192.168.1.0/24. Configure NAT and ALG to meet the following requirements:
• Host B can access the WINS server and Host A with host names.
• Host A uses 5.5.5.9 as its external IP address, and the WINS server uses 5.5.5.10 as its external IP
address.