R0106-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

131

132

133

134

135

136

137

138

139

140

121

• The source IP address of the outgoing packets that match the ACL permit statement is translated into

an address in the address group.

• The reversible keyword enables the device to perform the following operations:

{ Compare the destination IP address in the first packet from the public network to the private

network with existing NO-PAT entries.

{ Translate the destination address into the NAT address in a matching NO-PAT entry.

To configure outbound dynamic NAT:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Configure an address

group and enter its

view.

nat address-group group-number By default, no address group exists.

3. Add a group member to

the address group.

address start-address end-address

By default, no group member exists.

You can add multiple members to an

address group.

The IP addresses of the members must

not overlap.

4. Enter interface view.

interface interface-type

interface-number

N/A

5. Configure outbound

dynamic NAT.

• Configure NO-PAT:

nat outbound [ acl-number ]

address-group group-number

[ vpn-instance vpn-instance-name ]

no-pat [ reversible ]

• Configure PAT:

nat outbound [ acl-number ]

[ address-group group-number ]

[ vpn-instance vpn-instance-name ]

[ port-preserved ]

By default, outbound dynamic NAT is

not configured.

You can configure multiple outbound

dynamic NAT rules on an interface.

6. (Optional.) Configure

the mapping behavior

for PAT.

nat mapping-behavior

endpoint-independent [ acl

acl-number ]

The default mapping behavior is

Address and Port-Dependent

Mapping.

This command takes effect only on

outbound dynamic NAT for PAT.

Configuring inbound dynamic NAT

To implement bidirectional NAT, you must use inbound dynamic NAT with outbound dynamic NAT, NAT

Server, or outbound static NAT.

• The source IP address of a received packet that matches the ACL permit statement is translated into

an address in the address group.

• The add-route keyword enables the device to add a route automatically to the NATed address when

a packet matches an inbound dynamic NAT rule. The output interface for the automatically added

route is the NAT interface, and the next hop is the source address before translation. If you do not

specify this keyword, you must add the route manually. HP recommends that you manually specify

a route because it takes time to add routes automatically.