R2511-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V5)
Step 2. Set NAT aging time for a specified protocol.
Command: nat aging-time { dns | ftp-ctrl | ftp-data | icmp | no-pat | pptp | tcp | tcp-fin | tcp-syn | udp } seconds
Remarks: Optional.
The default NAT aging time varies by protocol:
• 10 seconds for DNS.
• 300 seconds for FTP control links.
• 300 seconds for FTP data links.
• 10 seconds for ICMP.
• 240 seconds in NO-PAT mode.
• 300 seconds for PPTP.
• 300 seconds for TCP.
• 10 seconds for TCP FIN and RST connections.
• 10 seconds for TCP SYN connections.
• 240 seconds for UDP.
Configuring NAT ALG
NAT ALG configuration supports multiple protocols.
To configure NAT ALG:
Step 1. Enter system view.
Command: system-view
Remarks: N/A

Step 2. Enable NAT ALG.
Command: nat alg { all | dns | ftp | h323 | ils | nbt | pptp | sip }
Remarks: Optional. Enabled by default.
Configuring NAT logging
With NAT logging enabled, a NAT device logs IP address translation information such as the source IP
address, source port number, destination IP address, destination port number, translated source IP
address, translated source port number and user operations.
As multiple internal users share the same external IP address or the same range of external IP addresses
when accessing external networks through a NAT device, it is hard to identify each of the users. The NAT
logging function helps in tracking access of internal users to external networks, thus enhancing network
security.
NAT logging logs only access of internal network users to external networks. It does not log access of
external users to internal servers.
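The following added example (not part of the HP guide) shows how NAT log records let an analyst map a shared external address and port back to one internal host. The record layout, the start and end time columns, and all addresses are constructed for illustration and are not the device's actual log format.

```python
import csv
import io
from datetime import datetime

# Constructed sample records (not real device output). Columns are the fields
# the guide says NAT logging records, plus assumed session start/end times.
SAMPLE_LOG = """\
start,end,src_ip,src_port,dst_ip,dst_port,nat_ip,nat_port
2024-05-01T10:00:00,2024-05-01T10:04:10,192.168.1.10,51000,198.51.100.7,443,203.0.113.5,1025
2024-05-01T10:06:00,2024-05-01T10:09:30,192.168.1.22,49152,198.51.100.7,443,203.0.113.5,1025
2024-05-01T10:06:05,2024-05-01T10:06:20,192.168.1.31,53111,198.51.100.9,53,203.0.113.5,1026
"""

def load_sessions(text):
    """Parse the constructed CSV into dicts with typed time and port fields."""
    sessions = []
    for row in csv.DictReader(io.StringIO(text)):
        row["start"] = datetime.fromisoformat(row["start"])
        row["end"] = datetime.fromisoformat(row["end"])
        for key in ("src_port", "dst_port", "nat_port"):
            row[key] = int(row[key])
        sessions.append(row)
    return sessions

def attribute(sessions, nat_ip, nat_port, when, dst_ip=None, dst_port=None):
    """Return internal (src_ip, src_port) pairs whose session covers `when`.

    The translated port alone is not enough: after a session ages out, the
    same external port can be reused by another internal host, so the lookup
    is keyed on the time window as well.
    """
    when = datetime.fromisoformat(when)
    hits = []
    for s in sessions:
        if (s["nat_ip"], s["nat_port"]) != (nat_ip, nat_port):
            continue
        if not s["start"] <= when <= s["end"]:
            continue
        if dst_ip is not None and s["dst_ip"] != dst_ip:
            continue
        if dst_port is not None and s["dst_port"] != dst_port:
            continue
        hits.append((s["src_ip"], s["src_port"]))
    return hits

if __name__ == "__main__":
    sessions = load_sessions(SAMPLE_LOG)
    print(attribute(sessions, "203.0.113.5", 1025, "2024-05-01T10:07:00"))
```

In the sample data the external port 1025 maps to two different internal hosts at different times, which is why the lookup requires a timestamp in addition to the translated address and port.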
Enabling NAT logging
Step 1. Enter system view.
Command: system-view
Remarks: N/A










