Manualshelf

R3721-F3210-F3171-HP High-End Firewalls NAT and ALG Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
11121314151617181920
14
nat server
Syntax
nat server [ acl-number ] [ index ] protocol pro-type global { global-address | interface interface-type
interface-number | current-interface } global-port1 global-port2 [ vpn-instance global-name ] inside
local-address1 local-address2 local-port [ vpn-instance local-name ] [ track vrrp virtual-router-id ]
undo nat server [ acl-number ] [ index ] protocol pro-type global { global-address | interface
interface-type interface-number | current-interface } global-port1 global-port2 [ vpn-instance
global-name ] inside local-address1 local-address2 local-port [ vpn-instance local-name ] [ track vrrp
virtual-router-id ]
View
Interface view
Default level
2: System level
Parameters
acl-number: Specifies an ACL by its number, in the range of 2000 to 3999. With this argument specified,
the device can control the destination IP address that the internal hosts can visit.
index: Index of the internal server.
protocol pro-type: Specifies a protocol type. pro-type supports TCP, UDP, and ICMP. If ICMP is specified,
do not specify port number for the internal server.
global-address: Public IP address for the internal server.
interface: Uses a specified interface address as the external IP address for the internal server, enabling
Easy IP.
interface-type interface-number: Specifies the interface type and interface number. Currently, only
loopback interface is supported and must be configured; otherwise the configuration is considered
illegal.
current-interface: Uses the current interface address as the external IP address for the internal server.
global-port1, global-port2: Specifies a range of ports that have a one-to-one correspondence with the IP
addresses of the internal hosts. Note that global-port2 must be greater than global-port1.
local-address1, local-address2: Defines a consecutive range of addresses that have a one-to-one
correspondence with the range of ports. Note that local-address2 must be greater than local-address1
and that the number of addresses must match that of the specified ports.
local-port: Port number provided by the internal server, in the range of 0 to 65535, excluding FTP port
number 20.
You can use the service names to represent those well-known port numbers. For example, you can
use www to represent port number 80, ftp to represent port number 21, and so on.
You can use the keyword any to represent port number 0, which means all types of services are
supported. This has the same effect as a static translation between the global-address and
local-address.
local-address: Internal IP address of the internal server.