R2511-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V5)
133
[Router] connection-limit policy 1
[Router-connection-limit-policy-1] limit 0 acl 2002 per-destination amount 1000 200
[Router-connection-limit-policy-1] quit
# Apply connection limit policy 1 to NAT.
[Router] nat connection-limit-policy 1
Dynamic NAT configuration example 2
Network requirements
As shown in Figure 59, a company has three public IP addresses in the range of 202.38.1.1/24 to
202.38.1.3/24, and a private network segment of 10.110.0.0/16. Specifically, the company requires
that the internal users in subnet 10.110.10.0/24 can access the Internet through NAT.
Figure 59 Network diagram
Configuration procedure
# As shown in Figure 59, configure IP addresses for the interfaces. (Details not shown.)
# Configure address pool 1.
<Router> system-view
[Router] nat address-group 1 202.38.1.2 202.38.1.3
# Configure ACL 2001, permitting only users from network segment 10.110.10.0/24 to access the
Internet.
[Router] acl number 2001
[Router-acl-basic-2001] rule permit source 10.110.10.0 0.0.0.255
[Router-acl-basic-2001] rule deny
[Router-acl-basic-2001] quit
# Associate address pool 1 and ACL 2001 with the outbound interface GigabitEthernet 1/2, and
implement NAPT.
[Router] interface gigabitethernet 1/2
[Router-GigabitEthernet1/2] nat outbound 2001 address-group 1
[Router-GigabitEthernet1/2] quit