Manualshelf

R3721-F3210-F3171-HP High-End Firewalls NAT and ALG Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
11121314151617181920
11
Use undo nat dns-map to remove a DNS mapping.
Related commands: display nat dns-map.
Examples
# A company provides Web service to external users. The domain name of the internal server is
www.server.com, and the public IP address is 202.112.0.1. Configure a DNS mapping, so that internal
users can access the Web server using its domain name.
<Sysname> system-view
[Sysname] nat dns-map domain www.server.com protocol tcp ip 202.112.0.1 port www
nat outbound
Syntax
nat outbound [ acl-number ] [ address-group group-number [ vpn-instance vpn-instance-name ] [ no-pat
| port-preserved ] ] [ track vrrp virtual-router-id ]
undo nat outbound [ acl-number ] [ address-group group-number [ vpn-instance vpn-instance-name ]
[ no-pat | port-preserved ] ] [ track vrrp virtual-router-id ]
View
Interface view
Default level
2: System level
Parameters
acl-number: ACL number, in the range of 2000 to 3999.
address-group group-number: Specifies an address pool for NAT. If no address pool is specified, the IP
address of the interface will be used as the translated IP address, that is, Easy IP is enabled.
vpn-instance vpn-instance-name: Specifies the L3VPN to which the addresses of the address pool belong.
The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. With this option,
inter-VPN access through NAT is supported. Without this option, the addresses in the address pool do
not belong to any VPN.
no-pat: Indicates that no many-to-many NAT is implemented. If this keyword is not configured,
many-to-one NAT is implemented using the TCP/UDP port information.
port-preserved: Indicates that the source port information is preserved in many-to-one NAT.
track vrrp virtual-router-id: Associates address translation on a specified outbound interface with a VRRP
group. The virtual-router-id argument indicates the number of the VRRP group, in the range of 1 to 255.
Without this argument specified, no VRRP group is associated.
Description
Use nat outbound or nat outbound acl-number to associate an ACL with the IP address of the interface
and enable Easy IP.
Use nat outbound acl-number address-group group-number no-pat to associate an ACL with an IP
address pool for translation of only the IP address and enable many-to-many NAT.
Use nat outbound address-group group-number or the nat outbound acl-number address-group
group-number to associate an ACL with an IP address pool for translation of both the IP address and port
number and enable NAPT.