R0106-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V7)

2. If a match is found, the NAT continues to match the public address, public port number, and the
protocol type against the NAT Server configuration.
3. If a match is found, NAT translates the public IP address in the reply into the private IP address of
the Web server.
4. The internal host can access the internal server.
NAT with ALG
Use NAT with ALG to translate the payload information to ensure connection establishment.
NAT translates only IP addresses and port numbers in packet headers and does not analyze fields in
the application layer payload. However, the payloads of some protocols carry IP address or port
information, which can cause problems if it is not translated. For example, an FTP application uses
both a control connection and a data connection, and establishment of the data connection depends
on information carried in the payload of the control connection.
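The FTP case above as an added example (not code from the HP guide, and not a description of how the MSR implements ALG): a Python function that rewrites the address and port carried in an FTP PORT command or 227 passive-mode reply, using a NAT binding table. The binding table, the addresses, and the function name are constructed for illustration.

```python
import re

# Constructed NAT binding table: (private_ip, private_port) -> (public_ip, public_port).
# Sample values only; they do not come from the guide.
NAT_MAP = {("192.168.1.10", 5001): ("203.0.113.5", 40001)}

# h1,h2,h3,h4,p1,p2 tuple used by the FTP PORT command and the 227 PASV reply.
_HOSTPORT = re.compile(
    rb"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def translate_ftp_line(line: bytes, nat_map=NAT_MAP):
    """Rewrite the address/port embedded in one FTP control-connection line.

    Returns (new_line, length_delta). Lines that are not PORT/227, are
    malformed, or have no binding in nat_map come back unchanged with delta 0.
    """
    upper = line.upper()
    if not (upper.startswith(b"PORT ") or upper.startswith(b"227 ")):
        return line, 0
    m = _HOSTPORT.search(line)
    if m is None:
        return line, 0
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return line, 0  # malformed field: leave the payload untouched
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # port is sent as two decimal bytes
    binding = nat_map.get((ip, port))
    if binding is None:
        return line, 0  # header-only NAT would let the private address leak here
    pub_ip, pub_port = binding
    field = "{},{},{}".format(
        pub_ip.replace(".", ","), pub_port >> 8, pub_port & 0xFF).encode()
    new_line = line[:m.start()] + field + line[m.end():]
    # A non-zero delta changes the TCP segment length.
    return new_line, len(new_line) - len(line)


if __name__ == "__main__":
    for sample in (b"PORT 192,168,1,10,19,137\r\n",
                   b"227 Entering Passive Mode (192,168,1,10,19,137).\r\n"):
        print(sample, "->", translate_ftp_line(sample))
```

Because the rewritten payload can differ in length from the original, a device that translates the payload must also adjust TCP sequence and acknowledgment numbers for the rest of the control connection.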
NAT configuration task list
Tasks at a glance | Remarks
Perform at least one of the following tasks: Configuring static NAT; Configuring dynamic NAT; Configuring NAT Server; Configuring NAT444 | If you configure all the tasks on the same interface, their priority is as follows: 1. NAT Server. 2. Static NAT. 3. Static NAT444. 4. Dynamic NAT and dynamic NAT444. Dynamic NAT and dynamic NAT444 have the same priority. They are matched in the descending order of ACL numbers.
(Optional.) Configuring NAT with DNS mapping | N/A
(Optional.) Configuring NAT hairpin | N/A
(Optional.) Configuring NAT with ALG | N/A
(Optional.) Configuring NAT logging | N/A
Configuring static NAT
Static NAT can be implemented by one-to-one or net-to-net mapping for outbound and inbound
translation. Do not configure inbound static NAT separately. Typically, inbound static NAT works with
other NAT translation methods to implement bidirectional NAT.
Configuration prerequisites
Configure an ACL to identify the IP addresses to be translated. NAT uses only the match criteria of
the source IP address, source port number, destination IP address, destination port number,
transport layer protocol, and VPN instance in the ACL rule for packet matching. For more
information about ACLs, see ACL and QoS Configuration Guide.