R3166-R3206-HP High-End Firewalls NAT and ALG Configuration Guide-6PW101

Figure 24 Network diagram for FTP ALG configuration
2. Configuration procedure
# Configure the address pool and ACL.
<Firewall> system-view
[Firewall] nat address-group 1 5.5.5.9 5.5.5.11
[Firewall] acl number 2001
[Firewall-acl-basic-2001] rule permit
[Firewall-acl-basic-2001] quit
# Enable ALG for FTP.
[Firewall] alg ftp
# Configure NAT.
[Firewall] interface ethernet 1/1
[Firewall-Ethernet1/1] nat outbound 2001 address-group 1
# Configure the internal FTP server.
[Firewall-Ethernet1/1] nat server protocol tcp global 5.5.5.10 ftp inside 192.168.1.2 ftp
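The following added example (not part of the HP guide and not the firewall's own implementation) shows why "alg ftp" is needed alongside the "nat server" mapping above: the FTP control channel carries the server's inside address in its 227 reply, and the ALG must rewrite it to the global address. The function names, the sample replies and the sender check are assumptions made for illustration; only the addresses 192.168.1.2 and 5.5.5.10 come from the configuration.

```python
import re

# Mapping from the "nat server" line above: global 5.5.5.10 <-> inside 192.168.1.2.
INSIDE_IP = "192.168.1.2"
GLOBAL_IP = "5.5.5.10"

# h1,h2,h3,h4,p1,p2 field used by PORT and by the 227 reply to PASV (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line):
    """Return (match, ip, port) for a PORT command or 227 reply, else None."""
    if not (line[:4].upper() == "PORT" or line.startswith("227")):
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed field: leave the line untouched
    return m, ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def alg_rewrite(line, peer_ip, inside_ip=INSIDE_IP, global_ip=GLOBAL_IP):
    """Rewrite the embedded inside address to the global one (hypothetical helper).

    peer_ip is the source address of the control-channel packet before NAT.
    Returns (new_line, mapping); mapping is ((global_ip, port), (inside_ip, port))
    for the expected data connection, or None when nothing was rewritten.
    """
    parsed = parse_hostport(line)
    if parsed is None:
        return line, None
    m, ip, port = parsed
    # Assumption: translate only when the payload names the sender itself and
    # that sender is the mapped inside host; anything else passes unchanged.
    if ip != peer_ip or ip != inside_ip:
        return line, None
    field = ",".join(global_ip.split(".") + [str(port // 256), str(port % 256)])
    new_line = line[:m.start()] + field + line[m.end():]
    return new_line, ((global_ip, port), (inside_ip, port))


if __name__ == "__main__":
    # Constructed sample reply from the internal FTP server in passive mode.
    reply = "227 Entering Passive Mode (192,168,1,2,19,137).\r\n"
    print(alg_rewrite(reply, "192.168.1.2"))
```

Without the rewrite, an outside client would be told to open its data connection to 192.168.1.2, which is not reachable from the public network.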
SIP/H.323 ALG configuration example
NOTE:
H.323 ALG configuration is similar to SIP ALG configuration. The following takes SIP ALG configuration
as an example.
1. Network requirements
As shown in Figure 22, a company accesses the Internet through a firewall with NAT and ALG enabled.
The inside network segment of the company is 192.168.1.0/24. Configure NAT and ALG to meet the
following requirements:
SIP UA 1 in the inside network and SIP UA 2 in the outside network can communicate with each other
by using their aliases.
The company has four public network addresses: 5.5.5.1, 5.5.5.9, 5.5.5.10, and 5.5.5.11. SIP UA 1
selects one from the range 5.5.5.9 to 5.5.5.11 as its public network address when registering with
the SIP server in the outside network.