4000 Router Series Layer 3 - IP Services Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

131

132

133

134

135

136

137

138

139

140

120

Ste

Command

Remarks

5. Enable static NAT on the

interface.

nat static enable By default, static NAT is disabled.

Configuring dynamic NAT

Dynamic NAT implements address translation by mapping a group of IP addresses to a smaller number

of NAT addresses. You can specify an address group (or the IP address of an interface) and ACL to

implement dynamic NAT on the NAT interface.

Configuration restrictions and guidelines

• You can configure multiple dynamic NAT rules.

• A NAT rule with an ACL takes precedence over a rule without any ACL.

• The priority for the ACL-based dynamic NAT rules depends on ACL number. A higher ACL number

represents a higher priority.

Configuration prerequisites

• Configure an ACL to identify the IP addresses to be translated. NAT uses only the match criteria of

the source IP address, source port number, destination IP address, destination port number,

transport layer protocol, and VPN instance in the ACL rule for packet matching. For more

information about ACLs, see ACL and QoS Configuration Guide.

• Determine whether to enable the Easy IP function. If you use the IP address of an interface as the

NAT address, you are configuring Easy IP.

• Determine a public IP address pool for address translation.

• Determine whether to translate port number. Use NO-PAT to translate only IP addresses and PAT to

translate both IP addresses and port numbers.

Configuring outbound dynamic NAT

To translate private IP addresses into public IP addresses, configure outbound dynamic NAT on the

interface that connects the external network.

• The source IP address of the outgoing packets that match the ACL permit statement is translated into

an address in the address group.

• The reversible keyword matches the destination IP address in the first packet from the public network

to the private network against existing NO-PAT entries, and translates the destination address into

the NAT address in a matching NO-PAT entry.

To configure outbound dynamic NAT:

Ste

Command

Remarks

1. Enter system view.

system-view N/A