Manualshelf

R3721-F3210-F3171-HP High-End Firewalls NAT and ALG Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
58596061626364656667
58
The H.323 ALG configuration is similar to the SIP ALG configuration. This example describes the SIP ALG
configuration.
Network requirements
As shown in Figure 54, a company uses the private network segment 192.168.1.0/24, and has four
public network addresses: 5.5.5.1, 5.5.5.9, 5.5.5.10, and 5.5.5.11. SIP UA 1 is on the internal network
and SIP UA 2 is on the external network.
Configure NAT and ALG on the Firewall so that SIP UA 1 and SIP UA 2 can communicate by using their
aliases, and SIP UA 1 selects an IP address from the range 5.5.5.9 to 5.5.5.11 when registering with the
SIP server on the external network.
Figure 54 Network diagram
Configuration procedure
# Configure the address pool and ACL.
<Firewall> system-view
[Firewall] nat address-group 1 5.5.5.9 5.5.5.11
[Firewall] acl number 2001
[Firewall-acl-basic-2001] rule permit source 192.168.1.0 0.0.0.255
[Firewall-acl-basic-2001] rule deny
[Firewall-acl-basic-2001] quit
# Enable ALG for SIP.
[Firewall] alg sip
# Configure NAT.
[Firewall] interface GigabitEthernet 0/2
[Firewall-GigabitEthernet0/2] nat outbound 2001 address-group 1
NBT ALG configuration example
Network requirements
As shown in Figure 55, a company using the private network segment 192.168.1.0/24 wants to provide
NBT services to the outside.
Configure NAT and ALG on the Firewall so that Host A uses 5.5.5.9 as its external IP address, the WINS
server uses 5.5.5.10 as its external IP address, and Host B can access the WINS server and Host A by
using host names.