R3204P16-HP Load Balancing Module Network Management Command Reference-6PW101
• When the undo nat outbound command is executed to remove an association, the NAT address
mapping entries depending on the association are not deleted; they will be aged out automatically
after 5 to 10 minutes. During this period, the involved users cannot access external networks
whereas all the other users are not affected.
• When an ACL rule is not operative, no new NAT session entry depending on the rule can be
created. However, existing connections are still available for communication.
• If a packet matches the specified next hop, the packet will be translated using an IP address in the
address pool; if not, the packet will not be translated.
• You can bind an ACL to only one address pool on an interface; an address pool can be bound to
multiple ACLs.
• In stateful failover networking, make sure that you associate each address pool configured on an
interface with one VRRP group only; otherwise, the system associates the address pool with the
VRRP group having the highest group ID.
NOTE:
For some devices, the ACL rules referenced by the same interface cannot conflict. The source IP address
and destination IP address in any two ACL rules cannot be the same. For basic ACLs (numbered from
2000 to 2999), if the source IP addresses in any two ACL rules are the same, a conflict occurs.
Examples
# Enable NAT for hosts on the 10.110.10.0/24 segment, using addresses 202.110.10.10 through
202.110.10.12 as the external IP addresses. Assume that interface Ten-GigabitEthernet 0/0.1 is
connected to the external network.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 10.110.10.0 0.0.0.255
[Sysname-acl-basic-2001] rule deny
[Sysname-acl-basic-2001] quit
[Sysname] nat address-group 1 202.110.10.10 202.110.10.12
# To use TCP/UDP port information in translation, do the following:
[Sysname] interface Ten-GigabitEthernet 0/0.1
[Sysname-Ten-GigabitEthernet0/0.1] nat outbound 2001 address-group 1
# To ignore the TCP/UDP port information in translation, do the following:
<Sysname> system-view
[Sysname] interface Ten-GigabitEthernet 0/0.1
[Sysname-Ten-GigabitEthernet0/0.1] nat outbound 2001 address-group 1 no-pat
# To use the IP address of the Ten-GigabitEthernet 0/0.1 interface, do the following:
<Sysname> system-view
[Sysname] interface Ten-GigabitEthernet0/0.1
[Sysname-Ten-GigabitEthernet0/0.1] nat outbound 2001
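The following offline check is an added example, not part of the HP reference. It applies two of the usage guidelines above to a saved configuration: an ACL bound to more than one address pool on an interface, and basic ACLs referenced by the same interface that repeat a source address. The function name audit_nat_outbound and the sample listing are assumptions; the input is assumed to be a flat listing of the commands shown in the examples, without prompts.

```python
import re
from collections import defaultdict

# Constructed sample in the syntax of the examples above; not from a real device.
SAMPLE = """\
acl number 2001
 rule permit source 10.110.10.0 0.0.0.255
 rule deny
acl number 2002
 rule permit source 10.110.20.0 0.0.0.255
 rule deny source 10.110.10.0 0.0.0.255
interface Ten-GigabitEthernet0/0.1
 nat outbound 2001 address-group 1
 nat outbound 2001 address-group 2 no-pat
 nat outbound 2002 address-group 1
"""

ACL = re.compile(r"acl number (\d+)")
IFACE = re.compile(r"interface (.+)")
RULE = re.compile(r"rule (?:\d+ )?(?:permit|deny) source (\S+ \S+)")
NAT = re.compile(r"nat outbound (\d+)(?: address-group (\d+))?(?: no-pat)?")

def audit_nat_outbound(config):
    # Hypothetical helper: returns one finding string per violated guideline.
    rules = defaultdict(list)                      # acl -> [source strings]
    pools = defaultdict(lambda: defaultdict(set))  # interface -> acl -> {pool ids}
    acl = iface = None
    for line in map(str.strip, config.splitlines()):
        if m := ACL.fullmatch(line):
            acl, iface = int(m[1]), None
        elif m := IFACE.fullmatch(line):
            iface, acl = m[1].replace(" ", ""), None
        elif acl is not None and (m := RULE.fullmatch(line)):
            rules[acl].append(m[1])
        elif iface is not None and (m := NAT.fullmatch(line)):
            # An entry without address-group uses the interface address.
            pools[iface][int(m[1])].update([int(m[2])] if m[2] else [])
    findings = []
    for iface, acls in pools.items():
        seen = {}  # source -> first basic ACL that used it on this interface
        for num, groups in sorted(acls.items()):
            if len(groups) > 1:
                findings.append(f"{iface}: ACL {num} bound to pools {sorted(groups)}")
            for src in rules[num] if 2000 <= num <= 2999 else []:
                if src in seen:
                    findings.append(f"{iface}: source {src} repeated in ACL {seen[src]} and ACL {num}")
                seen.setdefault(src, num)
    return findings

if __name__ == "__main__":
    print("\n".join(audit_nat_outbound(SAMPLE)))
```

Rules written as "rule deny" with no source are skipped, and the source comparison is textual, so equivalent ranges written differently are not detected.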
nat outbound static
Syntax
nat outbound static [ track vrrp virtual-router-id ]
undo nat outbound static [ track vrrp virtual-router-id ]