4000 Router Series Layer 3 - IP Services Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

171

172

173

174

175

176

177

178

179

180

161

vpn-instance local-name: Specifies the MPLS L3VPN instance to which an internal IP address belongs.

The local-name argument is a case-sensitive string of 1 to 31 characters. To specify a public IP address,

do not use this parameter.

acl acl-number: Specifies an ACL number in the range of 3000 to 3999.

reversible: Translates the destination address of a packet that originates from internal hosts to the

external host if the packet is permitted by ACL reverse matching.

Usage guidelines

When the source IP address of a packet from the public network to the private network matches the

global-ip, the IP address is translated to the local-ip. When the destination IP address of a packet from

the private matches the local-ip, the source IP address is translated to the global-ip.

• If you do not specify an ACL, the source addresses of all incoming packets and the destination

addresses of all outgoing packets are translated.

• If you specify an ACL and do not specify the reversible keyword, the source addresses of incoming

packets permitted by the ACL are translated. The destination addresses of packets originating from

internal hosts to the external are not translated.

• If you specify both an ACL and the reversible keyword, the source addresses of incoming packets

permitted by the ACL are translated. If packets originating from internal hosts to the external are

permitted by ACL reverse matching, the destination address is translated.

Static NAT takes precedence over dynamic NAT when both are configured on an interface.

You can configure multiple inbound static NAT mappings by using the nat static inbound command and

the nat static inbound net-to-net command.

Examples

# Configure an inbound static NAT mapping between external IP address 2.2.2.2 and internal IP

address 192.168.1.1.

<Sysname> system-view

[Sysname] nat static inbound 2.2.2.2 192.168.1.1

Related commands

• display nat all

• display nat static

• nat static enable

nat static inbound net-to-net

Use nat static inbound net-to-net to configure a net-to-net mapping for inbound static NAT.

Use undo nat static inbound net-to-net to remove a net-to-net mapping for inbound static NAT.

Syntax

nat static inbound net-to-net global-start-address global-end-address [ vpn-instance global -name ] local

local-network { mask-length | mask } [ vpn-instance local-name ] [ acl acl-number [ reversible ] ]

undo nat static inbound net-to-net global-start-address global-end-address [ vpn-instance global -name ]

Default

No NAT mapping exists.