R2511-HP MSR Router Series Layer 3 - IP Services Command Reference(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router

171

172

173

174

175

176

177

178

179

180

166

If an ACL is configured, NAPT mapping in endpoint-independent mapping behavior mode applies to

packets permitted by the ACL only. If no ACL is configured, NAPT mapping in that mode applies to all

packets.

Examples

# Apply the endpoint-independent mapping mode to all packets for address translation.

<Sysname> system-view

[Sysname] nat mapping-behavior endpoint-independent

# Apply the Endpoint-Independent Mapping mode to FTP and HTTP packets, and the Address and

Port-Dependent Mapping mode to other packets for address translation.

<Sysname> system-view

[Sysname] acl number 3000

[Sysname-acl-adv-3000] rule permit tcp destination-port eq 80

[Sysname-acl-adv-3000] rule permit tcp destination-port eq 21

[Sysname-acl-adv-3000] quit

[Sysname] nat mapping-behavior endpoint-independent acl 3000

nat outbound

Use nat outbound to associate an ACL with an address pool on the outbound interface.

Use undo nat outbound to remove an association.

Syntax

nat outbound [ acl-number ] [ [ address-group group-number [ vpn-instance vpn-instance-name ]

[ no-pat [ reversible ] ] ] | port-range port-range-start port-range-end ] [ track vrrp virtual-router-id ]

undo nat outbound [ acl-number ] [ [ address-group group-number [ vpn-instance vpn-instance-name ]

[ no-pat [ reversible ] ] ] | port-range port-range-start port-range-end ] [ track vrrp virtual-router-id ]

Views

Interface view

Default command level

2: System level

Parameters

acl-number: Specifies an ACL number in the range of 2000 to 3999.

address-group group-number: Specifies an address pool for NAT, in the range of 0 to 31. If no address

pool is specified, the IP address of the interface is used as the translated IP address. That is, Easy IP is

enabled.

vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the addresses of the address pool

belong. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. With this option,

inter-VPN access through NAT is supported. Without this option, the addresses in the address pool do

not belong to any VPN.

no-pat: Indicates that no many-to-many NAT is implemented. If this keyword is not configured,

many-to-one NAT is implemented using the TCP/UDP port information.

reversible: Allows reverse address translation. With this feature, after NAT creates an entry for an

internal host to access the Internet, NAT can use this entry to perform destination IP address translation

for new connections from the Internet to the public IP address of the internal host.