4000 Router Series Layer 3 - IP Services Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

131

132

133

134

135

136

137

138

139

140

121

Ste

Command

Remarks

2. Configure an address

group and enter its

view.

nat address-group group-number By default, no address group exists.

3. Add a group member

to the address group.

address start-address end-address

By default, no group member exists.

You can add multiple members to an

address group.

The IP addresses of the members must

not overlap.

4. Enter interface view.

interface interface-type

interface-number

N/A

5. Configure outbound

dynamic NAT.

• Configure NO-PAT:

nat outbound [ acl-number ]

address-group group-number

[ vpn-instance vpn-instance-name ]

no-pat [ reversible ]

• Configure PAT:

nat outbound [ acl-number ]

[ address-group group-number ]

[ vpn-instance vpn-instance-name ]

[ port-preserved ]

By default, outbound dynamic NAT is

not configured.

You can configure multiple outbound

dynamic NAT rules on an interface.

6. (Optional.) Configure

the mapping behavior

for PAT.

nat mapping-behavior

endpoint-independent [ acl

acl-number ]

The default mapping behavior is

Address and Port-Dependent

Mapping.

This command takes effect only on

outbound dynamic NAT for PAT.

Configuring inbound dynamic NAT

To implement bidirectional NAT, you must use inbound dynamic NAT with outbound dynamic NAT, NAT

Server, or outbound static NAT.

• The source IP address of a received packet that matches the ACL permit statement is translated into

an address in the address group.

• The keyword add-route enables the device to add a route automatically to the NATed address when

a packet matches an inbound dynamic NAT rule. The output interface for the automatically added

route is the NAT interface, and the next hop is the source address before translation. If you do not

specify this keyword, you must add the route manually. HP recommends that you manually specify

a route because it takes time to add routes automatically.

• The reversible keyword matches the destination IP address in the first packet from the private

network to the public network against existing NO-PAT entries, and translates the destination

address into the NAT address in a matching NO-PAT entry.

Inbound dynamic NAT does not support Easy IP.

To configure inbound dynamic NAT:

Ste

Command

Remarks

1. Enter system view.

system-view N/A