R0106-HP MSR Router Series Layer 3 - IP Services Command Reference(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR2003 AC Router

171

172

173

174

175

176

177

178

179

180

160

nat inbound

Use nat inbound to configure an inbound dynamic NAT rule on an interface.

Use undo nat inbound to remove the specified inbound dynamic NAT rule.

Syntax

nat inbound acl-number address-group group-number [ vpn-instance vpn-instance-name ] [ no-pat

[ reversible ] [ add-route ] ]

undo nat inbound acl-number

Default

No inbound dynamic NAT rule is configured.

Views

Interface view

Predefined user roles

network-admin

Parameters

acl-number: Specifies an ACL number in the range of 2000 to 3999.

address-group group-number: Specifies an address group for address translation. The value for the

group-number argument is 0 to 65535.

vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the addresses in the

address group belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters.

To specify addresses in the public network, do not use this option.

no-pat: Uses NO-PAT for inbound NAT. If you do not specify this keyword, PAT is used. PAT supports only

TCP, UDP, and ICMP query packets. For an ICMP packet, the ICMP ID is used as its source port number.

reversible: Allows reverse address translation. NAT translates the destination IP address of the packets of

a connection originating from an internal host to the NAT address based on the existing NO-PAT entry.

add-route: Adds a route to the NAT address when address translation is performed for a packet. The

output interface is the NAT interface and the next-hop is the source address before translation. If you do

not specify this keyword, you must manually add the route. HP recommends that you specify this

keyword.

Usage guidelines

If an incoming packet matches a permit rule of the specified ACL on the interface with inbound dynamic

NAT configured, the source IP address of the packet is translated into an address in the address group

specified by the group-number argument.

Inbound dynamic NAT supports the PAT and NO-PAT modes.

• PAT—Performs port translation in addition to IP address translation.

• NO-PAT—Performs only IP address translation.

Inbound dynamic NAT typically operates with one of the following to implement bidirectional NAT:

• Outbound dynamic NAT (the nat outbound command).

• The NAT Server feature (the nat server command).

• Outbound static NAT (the nat static command).