R3303-HP HSR6800 Routers Layer 3 - IP Services Configuration Guide
100
Ste
p
Command
2. Configure a net-to-net static NAT mapping.
nat static net-to-net local-ip-address [ vpn-instance
local-name ] global-ip-address [ vpn-instance global-name ]
{ mask-length | mask }
3. Enter interface view.
interface interface-type interface-number
4. Enable static NAT on the interface.
nat outbound static [ track vrrp virtual-router-id ]
Configuring dynamic NAT
Dynamic NAT is usually implemented by associating an ACL with an address pool (or the address of an
interface) on an interface.
• To select the address of an interface as the translated address, use Easy IP.
• To select an address from an address pool as the translated address, use No-PAT or NAPT for
dynamic address translation. No-PAT is used in many-to-many address translation but does not
translate TCP/UDP port numbers. NAPT allows for many-to-one address translation by translating
also TCP/UDP port numbers.
Typically, a NAT entry is configured on the outbound interface of the NAT device. If internal hosts need
to access external networks through multiple outbound interfaces on the NAT device, you must configure
NAT entries on each of the interfaces. To avoid this, the device supports configuring a NAT entry on the
inbound interface on the NAT device. When hosts in a VPN want to access other VPNs through multiple
outbound interfaces on a NAT device, you can configure a NAT entry on the inbound interface on the
NAT device, simplifying NAT configuration.
When a packet from an internal host to the external network arrives:
• If it is the first packet and an address pool is associated with an outbound interface, NAT
determines whether to translate the packet based on the ACL. If yes, NAT chooses an address from
the associated address pool or gets the associated interface address, performs address translation,
and then saves the address mapping in the address translation table. All subsequent packets from
the internal host are serviced by NAT directly according to the mapping entry.
• If an address pool is associated with an inbound interface, NAT determines whether to translate the
packet based on the ACL (or packet source address). If yes, NAT redirects the packet to the NAT
board and performs address translation as in the above-mentioned process. This case does not
support Easy IP.
You need to configure a QoS policy to redirect packets to a NAT board. Use one of the following
keywords in the if-match command to configure the match criteria: acl, customer-vlan-id,
destination-mac, dscp ip-precedence, protocol, service-dot1p, service-vlan-id, and source-mac.
For more information, see ACL and QoS Configuration Guide.
• If both the inbound and outbound interfaces of a NAT device are associated with an address pool,
a packet matching both of them uses an address from the address pool associated with the
outbound interface for address translation.
Configuration prerequisites
• Configure an ACL to specify IP addresses permitted to be translated. For more information about
ACL, see ACL and QoS Configuration Guide.
• Determine whether to use an interface's IP address as the translated source address.
• Determine a public IP address pool for address translation.