4000 Router Series Layer 3 - IP Services Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

171

172

173

174

175

176

177

178

179

180

162

Views

System view

Predefined user roles

network-admin

Parameters

global-start-address global-end-address: Specifies an external address pool which can contain a

maximum of 255 addresses. The global-end-address must not be lower than global-start-address. If they

are the same, the external address pool has only one address.

vpn-instance global-name: Specifies the MPLS L3VPN instance to which an external IP address belongs.

The global-name argument is a case-sensitive string of 1 to 31 characters. To specify a public IP address,

do not use this parameter.

local-network: Specifies an internal network address.

mask-length: Specifies the mask length of the internal network address, in the range of 8 to 31.

mask: Specifies the mask of the internal network address.

vpn-instance local-name: Specifies the MPLS L3VPN instance to which an internal IP address belongs.

The local-name argument is a case-sensitive string of 1 to 31 characters. To specify a public IP address,

do not use this parameter.

acl acl-number: Specifies an ACL number in the range of 3000 to 3999.

reversible: Translates the destination address of a packet that originates from internal hosts to the

external host if the packet is permitted by ACL reverse matching.

Usage guidelines

You can specify an external network through a start address and an end address, and an internal

network through an external address and a mask.

An external end address cannot be greater than the greatest IP address in the network segment

determined by an external start address and an internal network mask. For example, if an internal

address is 2.2.2.0 with a mask 255.255.255.0 and the external start address is 1.1.1.100, the external

end address cannot be greater than 1.1.1.255, the greatest IP address in the network segment 1.1.1.0/24.

When the source IP address of an incoming packet matches the external address pool, the source IP

address is translated into a private address in the internal address pool. When the destination IP address

of a packet from the private network matches the internal address pool, the destination IP address is

translated into a public address in the external address pool.

• If you do not specify an ACL, the source addresses of all incoming packets and the destination

addresses of all outgoing packets are translated.

• If you specify an ACL and do not specify the reversible keyword, the source addresses of incoming

packets permitted by the ACL are translated. The destination addresses of packets originating from

internal hosts to the external are not translated.

• If you specify both an ACL and the reversible keyword, the source addresses of incoming packets

permitted by the ACL are translated. If packets originating from internal hosts to the external are

permitted by ACL reverse matching, the destination address is translated.

Static NAT takes precedence over dynamic NAT when both are configured on an interface.

You can configure multiple inbound static NAT mappings by using the nat static inbound command and

the nat static inbound net-to-net command.