R2511-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V5)
122
If the NAT configuration (address translation or internal server configuration) on an interface is changed,
save the configuration and reboot the device (or use the reset nat session command to manually clear the
relevant NAT entries), to avoid the following problems:
• After you delete the NAT-related configuration, address translation can still work for sessions
already created.
• If you configure NAT when NAT is running, the same configuration might have different results
because of different configuration orders.
Configuring address translation
A NAT device can be configured with or dynamically generate mappings to translate between internal
and external network addresses. Address translation can be classified into static and dynamic NAT.
• Static NAT—Mappings between external and internal network addresses are manually configured.
Static NAT can meet fixed access requirements of a few users.
• Dynamic NAT—A dynamic NAT entry is generated dynamically. Dynamic NAT is implemented by
associating an ACL with an address pool (or the address of an interface in the case of Easy IP). This
association defines what packets can use the addresses in the address pool (or the interface's
address) to access the external network. An IP address is selected from the associated address pool
to translate an outgoing packet. After the session terminates, the selected IP address is released.
Dynamic NAT can meet external access requirements of a large number of users.
Both static NAT and dynamic NAT support NAT multiple-instance as long as the VPN instance of an IP
address is provided.
Configuring static NAT
You must configure static NAT in system view, and make it effective in interface view.
Static NAT supports two modes: one-to-one and net-to-net.
Configuring one-to-one static NAT
One-to-one static NAT translates a private IP address into a public IP address.
To configure one-to-one static NAT:
Ste
p
Command
1. Enter system view.
system-view
2. Configure a one-to-one static NAT
mapping.
nat static [ acl-number ] local-ip [ vpn-instance local-name ]
global-ip [ vpn-instance global-name ]
3. Enter interface view.
interface interface-type interface-number
4. Enable static NAT on the interface.
nat outbound static [ track vrrp virtual-router-id ]
Configuring net-to-net static NAT
Net-to-net static NAT translates a private network into a public network.
To configure net-to-net static NAT: