R0106-HP MSR Router Series Layer 3 - IP Services Command Reference(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

191

192

193

194

195

196

197

198

199

200

180

Default

No NAT mapping exists.

Views

System view

Predefined user roles

network-admin

Parameters

local-ip: Specifies an internal IP address.

vpn-instance local-name: Specifies the MPLS L3VPN instance to which an internal IP address belongs.

The local-name argument is a case-sensitive string of 1 to 31 characters. To specify a public IP address,

do not use this parameter.

global-ip: Specifies an external IP address.

vpn-instance global-name: Specifies the MPLS L3VPN instance to which an external IP address belongs.

The global-name argument is a case-sensitive string of 1 to 31 characters. To specify a public IP address,

do not use this parameter.

acl acl-number: Specifies an ACL number in the range of 3000 to 3999.

reversible: Translates the destination address of a packet that originates from internal hosts to the

external host if the packet is permitted by ACL reverse matching.

Usage guidelines

When the source IP address of an outgoing packet matches the local-ip, the IP address is translated to the

global-ip. When the destination IP address of an incoming packet matches the global-ip, the destination

IP address is translated into the local-ip.

• If you do not specify an ACL, the source addresses of all outgoing packets and the destination

addresses of all incoming packets are translated.

• If you specify an ACL and do not specify the reversible keyword, the source addresses of outgoing

packets permitted by the ACL are translated. The destination addresses of packets originating from

external hosts to the internal are not translated.

• If you specify both an ACL and the reversible keyword, the source addresses of outgoing packets

permitted by the ACL are translated. If packets originating from external hosts to the internal are

permitted by ACL reverse matching, the destination address is translated.

Static NAT takes precedence over dynamic NAT when both are configured on an interface.

You can configure multiple outbound static NAT mappings by using the nat static outbound command

and the nat static outbound net-to-net command.

Examples

# Configure an inbound static NAT mapping between external IP address 2.2.2.2 and internal IP

address 192.168.1.1.

<Sysname> system-view

[Sysname] nat static inbound 2.2.2.2 192.168.1.1

# Configure outbound static NAT, and allow the internal user 192.168.1.1 to access the external network

segment 3.3.3.0/24 by using the external IP address 2.2.2.2.

<Sysname> system-view

[Sysname] acl number 3001