R3721-F3210-F3171-HP High-End Firewalls NAT and ALG Configuration Guide-6PW101
23
Ste
p
Command
Remarks
1. Enter system view. system-view N/A
2. Configure an address
pool.
nat address-group
group-number start-address
end-address
Not necessary when the router provides only
Easy IP, where an interface's public IP
address is used as the translated IP address.
To configure an address group:
Ste
p
Command
1. Enter system view. system-view
2. Create an address group and enter its view.
nat address-group group-number
3. Add a member to the address group. address start-address end-address
NOTE:
• Address pools must not overlap.
• The IP address pools of address
g
roup members must not overlap with each other or with other address
pools.
Configuring Easy IP
Easy IP allows the firewall to use the IP address of one of its interfaces as the source address of NATed
packets.
To configure Easy IP:
Ste
p
Command
1. Enter system view.
system-view
2. Enter interface view. interface interface-type interface-number
3. Enable Easy IP by associating an ACL with the IP
address of the interface.
nat outbound [ acl-number ] [ track vrrp
virtual-router-id ]
Configuring No-PAT
With a specific ACL associated with an address pool or interface address, No-PAT translates the source
address of a packet permitted by the ACL into an IP address of the address pool or the interface address,
without using the port information.
To configure No-PAT:
Ste
p
Command
1. Enter system view. system-view
2. Enter interface view.
interface interface-type interface-number
3. Configure No-PAT by associating an ACL with an
IP address pool on the outbound interface for
translating only IP addresses.
nat outbound [ acl-number ] address-group
group-number [ vpn-instance vpn-instance-name ]
no-pat [ track vrrp virtual-router-id ]