4000 Router Series Layer 3 - IP Services Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

161

162

163

164

165

166

167

168

169

170

154

no-pat: Uses NO-PAT for outbound NAT. If you do not specify this keyword, PAT is used. PAT only

supports TCP, UDP, and ICMP query packets. For an ICMP packet, the ICMP ID is used as its source port

number.

reversible: Allows reverse address translation. NAT translates the destination IP address of the packets of

a connection originating from an external host to the NAT address based on the existing NO-PAT entry.

port-preserved: Tries to preserve port number for PAT.

Usage guidelines

Configure outbound dynamic NAT on the interface that connects the external network to translate private

IP addresses into public IP addresses.

Outbound dynamic NAT supports the following modes:

• PAT—Performs port translation in addition to IP address translation.

• NO-PAT—Performs only IP address translation.

An address group can be used by only one inbound or outbound NAT rule.

An ACL can be used by only one outbound dynamic NAT rule an interface.

You can configure multiple outbound dynamic NAT rules on an interface.

Outbound dynamic NAT rules with ACLs configured on an interface takes precedence over those without

ACLs. An outbound dynamic NAT rule with a high ACL number takes effect over that with a low ACL

number.

Examples

# Configure ACL 2001, and create a rule to permit packets only from segment 10.110.10.0/24 to pass

through.

<Sysname> system-view

[Sysname] acl number 2001

[Sysname-acl-basic-2001] rule permit source 10.110.10.0 0.0.0.255

[Sysname-acl-basic-2001] rule deny

[Sysname-acl-basic-2001] quit

# Configure address pool 1 and add members to the group.

[Sysname] nat address-group 1

[Sysname-nat-address-group-1] address 202.110.10.10 202.110.10.12

# Configure an outbound dynamic PAT rule on interface Ethernet 1/1 to translate the source addresses

of outgoing packets permitted by ACL 2001 into the addresses in address group 1.

[Sysname] interface ethernet 1/1

[Sysname-Ethernet1/1] nat outbound 2001 address-group 1

# Configure an outbound NO-PAT rule on interface Ethernet 1/1 to translate the source addresses of

outgoing packets permitted by ACL 2001 into the addresses in address pool 1.

<Sysname> system-view

[Sysname] interface ethernet 1/1

[Sysname-Ethernet1/1] nat outbound 2001 address-group 1 no-pat

# Enable Easy IP to use the IP address of Ethernet 1/1 as translated address.

<Sysname> system-view