R0106-HP MSR Router Series Layer 3 - IP Services Command Reference(V7)

Syntax
nat mapping-behavior endpoint-independent [ acl acl-number ]
undo nat mapping-behavior endpoint-independent
Default
Address and Port-Dependent Mapping applies.
Views
System view
Predefined user roles
network-admin
Parameters
acl acl-number: Specifies an ACL number in the range of 2000 to 3999. Applies the NAT mapping
behavior to packets that are permitted by the ACL. If you do not specify any ACL, the
Endpoint-Independent Mapping applies to all packets.
Usage guidelines
PAT supports the following NAT mapping behaviors:
• Endpoint-Independent Mapping: EIM uses the same IP and port mapping for packets from the
  same source IP and port to any destination IP and port. An EIM entry is generated to record the
  IP and port mapping. This behavior allows packets from any external host to access the internal
  user by using the NAT address and port. This behavior facilitates communication among hosts
  that connect to different NAT gateways.
• Address and Port-Dependent Mapping: Uses different IP and port mappings for packets with the
  same source IP and port to different destination IP addresses and ports. This behavior does not
  allow packets from an external host to be sent to any NAT address and port unless the internal
  host has previously sent a packet of the same protocol to that external host. This behavior is
  secure but inconvenient for communication among hosts connecting to different NAT gateways.
This command takes effect only on outbound PAT. Address and Port-Dependent Mapping always applies
to inbound PAT.
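The two mapping behaviors described above, modeled as a small Python NAT table. This is an added example, not HP code or device output. The class, the addresses and ports, and the predicate standing in for the ACL are constructed for illustration, and the model compares the full external IP and port for Address and Port-Dependent entries.

```python
# Toy model of outbound PAT mapping behavior (added example, not Comware code).
# Every address, port and name below is a constructed sample value.
from itertools import count

HOST = ("192.168.1.10", 5000)                       # internal endpoint
PEER_A, PEER_B = ("198.51.100.5", 3478), ("203.0.113.9", 3478)
STRANGER = ("203.0.113.77", 40000)                  # never contacted by HOST

class Pat:
    def __init__(self, nat_ip, eim, eim_acl=None):
        self.nat_ip = nat_ip
        self.eim = eim            # True models "nat mapping-behavior endpoint-independent"
        self.eim_acl = eim_acl    # hypothetical predicate standing in for "acl acl-number"
        self.ports = count(1024)  # next free NAT port
        self.table = {}           # mapping key -> NAT port
        self.rev = {}             # NAT port -> (mapping key, internal endpoint)

    def outbound(self, proto, src, dst):
        """Translate an outbound packet and return its (NAT IP, NAT port)."""
        use_eim = self.eim and (self.eim_acl is None or self.eim_acl(proto, dst))
        # EIM keys on the internal endpoint only; the default also keys on the destination.
        key = (proto, src) if use_eim else (proto, src, dst)
        if key not in self.table:
            self.table[key] = next(self.ports)
            self.rev[self.table[key]] = (key, src)
        return (self.nat_ip, self.table[key])

    def inbound(self, proto, ext, nat_port):
        """Return the internal endpoint the packet is forwarded to, or None if dropped."""
        key, src = self.rev.get(nat_port, ((None,), None))
        if key[0] != proto:
            return None           # no entry for this port, or wrong protocol
        if len(key) == 2:
            return src            # EIM entry: any external host may use it
        return src if key[2] == ext else None  # default: only the contacted peer

def demo(eim, acl=None):
    """Return (same mapping for both peers?, where STRANGER's packet ends up)."""
    nat = Pat("192.0.2.1", eim, acl)
    to_a = nat.outbound("udp", HOST, PEER_A)
    to_b = nat.outbound("udp", HOST, PEER_B)
    return to_a == to_b, nat.inbound("udp", STRANGER, to_a[1])

if __name__ == "__main__":
    print("EIM, no ACL:       ", demo(True))
    print("default (APDM):    ", demo(False))
    print("EIM, TCP 21/80 ACL:", demo(True, lambda p, d: p == "tcp" and d[1] in (21, 80)))
```

In the third case the UDP flow is not permitted by the stand-in ACL, so it keeps the default behavior and the packet from the uncontacted host is dropped.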
Examples
# Apply the Endpoint-Independent Mapping mode to all packets for address translation.
<Sysname> system-view
[Sysname] nat mapping-behavior endpoint-independent
# Apply the Endpoint-Independent Mapping to FTP and HTTP packets, and the Address and Port-Dependent Mapping to other packets for address translation.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule permit tcp destination-port eq 80
[Sysname-acl-adv-3000] rule permit tcp destination-port eq 21
[Sysname-acl-adv-3000] quit
[Sysname] nat mapping-behavior endpoint-independent acl 3000
Related commands
nat outbound
display nat eim