HP MSR2000/3000/4000 Router Series Layer 3 - IP Services Command Reference

Parameters
local-start-address local-end-address: Specifies an internal network address pool which can contain a
maximum of 255 addresses. The local-end-address must not be lower than local-start-address. If they are
the same, the internal network address pool has only one address.
global-network: Specifies an external network address.
mask-length: Specifies the mask length of the external network address, in the range of 8 to 31.
mask: Specifies the mask of the external network address.
acl acl-number: Specifies an ACL number in the range of 3000 to 3999. You can use an ACL to specify
the destination addresses that internal hosts can access.
reversible: Translates the destination address of a packet that originates from internal hosts to the
external host if the packet is permitted by ACL reverse matching.
Usage guidelines
You can specify an internal network through a start address and an end address, and an external
network through an external address and a mask.
An internal end address cannot be greater than the greatest IP address in the network segment
determined by the internal start address and the external network mask. For example, if the external
address is 2.2.2.0 with the mask 255.255.255.0 and the internal start address is 1.1.1.100, the internal
end address cannot be greater than 1.1.1.255, the greatest IP address in the network segment 1.1.1.0/24.
When the source IP address of a packet from the private network matches the internal NAT address pool,
the source IP address is translated into a public address in the external NAT address pool. When the
destination IP address of a packet from the public network matches the external NAT address pool, the
destination IP address is translated into a private address in the internal NAT address pool.
If you do not specify an ACL, the source addresses of all outgoing packets and the destination
addresses of all incoming packets are translated.
If you specify an ACL and do not specify the reversible keyword, the source addresses of outgoing
packets permitted by the ACL are translated. The destination addresses of packets that external hosts
send to the internal network are not translated.
If you specify both an ACL and the reversible keyword, the source addresses of outgoing packets
permitted by the ACL are translated. If packets that external hosts send to the internal network are
permitted by ACL reverse matching, their destination addresses are translated.
Static NAT takes precedence over dynamic NAT when both are configured on an interface.
You can configure multiple outbound static NAT mappings by using the nat static outbound command
and the nat static outbound net-to-net command.
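The pool constraints and the ACL/reversible rules above, modeled in Python as an added example (not HP code and not part of this reference). The function names are hypothetical, the ACL is reduced to a constructed list of permitted destination networks, and reverse matching is assumed to compare the external host's source address with the ACL's destination.

```python
import ipaddress

def validate_pool(local_start, local_end, mask_len):
    """Return violations of the documented pool constraints (empty list = valid)."""
    if not 8 <= mask_len <= 31:
        return ["mask-length must be in the range 8 to 31"]
    start = ipaddress.IPv4Address(local_start)
    end = ipaddress.IPv4Address(local_end)
    errors = []
    if end < start:
        errors.append("local-end-address is lower than local-start-address")
    elif int(end) - int(start) + 1 > 255:
        errors.append("pool contains more than 255 addresses")
    # Segment determined by the internal start address and the external mask.
    segment = ipaddress.ip_network(f"{local_start}/{mask_len}", strict=False)
    if end > segment.broadcast_address:
        errors.append(f"local-end-address is greater than {segment.broadcast_address}")
    return errors

def _permits(acl_dests, addr):
    # Constructed ACL model: a list of permitted destination networks.
    return any(ipaddress.ip_address(addr) in ipaddress.ip_network(n) for n in acl_dests)

def outbound_translated(src, dst, local_start, local_end, acl_dests=None):
    """Is the source address of a packet from the private network translated?"""
    s = ipaddress.IPv4Address(src)
    in_pool = ipaddress.IPv4Address(local_start) <= s <= ipaddress.IPv4Address(local_end)
    return in_pool and (acl_dests is None or _permits(acl_dests, dst))

def inbound_translated(src, dst, global_net, mask_len, acl_dests=None, reversible=False):
    """Is the destination address of a packet from the public network translated?
    Only membership in the external network is checked, not the per-address mapping."""
    pool = ipaddress.ip_network(f"{global_net}/{mask_len}", strict=False)
    if ipaddress.ip_address(dst) not in pool:
        return False
    if acl_dests is None:
        return True    # no ACL: every incoming packet to the pool is translated
    if not reversible:
        return False   # ACL without reversible: incoming packets are not translated
    # Assumption: reverse matching checks the external source against the ACL destination.
    return _permits(acl_dests, src)
```

Running `inbound_translated` without `acl_dests` shows the widest exposure: any external source that addresses the external pool has its packets translated toward the internal pool.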
Examples
# Configure an outbound static NAT mapping between internal network address 192.168.1.0/24 and
external network address 2.2.2.0/24.
<Sysname> system-view
[Sysname] nat static outbound net-to-net 192.168.1.1 192.168.1.255 global 2.2.2.0 24
# Configure outbound static NAT, and allow internal users in the network segment 192.168.1.0/24 to
access the external network segment 3.3.3.0/24 by using an IP address in the network segment
2.2.2.0/24.
<Sysname> system-view
[Sysname] acl number 3001
[Sysname-acl-adv-3001] rule permit ip destination 3.3.3.0 0.0.0.255