R0106-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V7)
[NAT1-acl-basic-2000] quit
# Configure NAT internal servers on GigabitEthernet1/0/1. Allow external ADVPN nodes to
access Hub 1 and Hub 2 by using the public address 1.0.0.1. Hub 1 and Hub 2 both use the
default source UDP port number 18001. The UDP port number after NAT is 4001 on Hub 1, and
is 4002 on Hub 2.
[NAT1] interface gigabitethernet 1/0/1
[NAT1-GigabitEthernet1/0/1] nat server protocol udp global current-interface 4001 inside 10.0.0.2 18001
[NAT1-GigabitEthernet1/0/1] nat server protocol udp global current-interface 4002 inside 10.0.0.3 18001
[NAT1-GigabitEthernet1/0/1] nat outbound 2000
[NAT1-GigabitEthernet1/0/1] quit
# Enable NAT hairpin on GigabitEthernet1/0/2.
[NAT1] interface gigabitethernet 1/0/2
[NAT1-GigabitEthernet1/0/2] nat hairpin enable
[NAT1-GigabitEthernet1/0/2] quit
Configuring NAT 2
1. Configure IP addresses for the interfaces. (Details not shown.)
2. Configure NAT internal servers:
# Configure ACL 2000 to permit packets sourced from 10.0.0.0/24.
<NAT2> system-view
[NAT2] acl number 2000
[NAT2-acl-basic-2000] rule permit source 10.0.0.0 0.0.0.255
[NAT2-acl-basic-2000] quit
# Create address group 1.
[NAT2] nat address-group 1
# Add address 1.0.0.2 into the group.
[NAT2-nat-address-group-1] address 1.0.0.2 1.0.0.2
[NAT2-nat-address-group-1] quit
# Configure NAT on GigabitEthernet1/0/1.
[NAT2] interface gigabitethernet 1/0/1
[NAT2-GigabitEthernet1/0/1] nat outbound 2000 address-group 1
[NAT2-GigabitEthernet1/0/1] quit
# Configure EIM for PAT to translate the source address and source port of packets that are
sourced from the same address and port and match ACL 2000 to the same source public address
and port.
[NAT2] nat mapping-behavior endpoint-independent acl 2000
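The mapping behavior selected by the command above, as an added Python model (not part of the original guide and not Comware code). The inside host 10.0.0.5, the source 192.168.9.5, the sequential port allocation, and the destination-dependent mapping used for the non-matching source are assumptions made for contrast.

```python
# Added illustration: a toy PAT table, not Comware code.
from ipaddress import ip_address, ip_network


class Pat:
    def __init__(self, public_ip, eim_acl=(), first_port=1024):
        self.public_ip = public_ip
        self.eim_acl = [ip_network(n) for n in eim_acl]  # sources that get EIM
        self.next_port = first_port  # assumed allocation order: sequential
        self.table = {}              # mapping key -> public port

    def translate(self, src_ip, src_port, dst_ip, dst_port):
        """Return the (public_ip, public_port) used for an outbound packet."""
        key = (src_ip, src_port)
        if not any(ip_address(src_ip) in n for n in self.eim_acl):
            # Contrast case (assumed): destination is part of the mapping key.
            key += (dst_ip, dst_port)
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        return self.public_ip, self.table[key]


def demo():
    # ACL 2000 on NAT 2: rule permit source 10.0.0.0 0.0.0.255
    nat2 = Pat("1.0.0.2", eim_acl=["10.0.0.0/24"])
    hub1, hub2 = ("1.0.0.1", 4001), ("1.0.0.1", 4002)  # from the NAT 1 config
    spoke = ("10.0.0.5", 18001)      # constructed inside host and port
    other = ("192.168.9.5", 18001)   # constructed source outside ACL 2000
    return {
        "spoke_to_hub1": nat2.translate(*spoke, *hub1),
        "spoke_to_hub2": nat2.translate(*spoke, *hub2),
        "other_to_hub1": nat2.translate(*other, *hub1),
        "other_to_hub2": nat2.translate(*other, *hub2),
    }


if __name__ == "__main__":
    for name, mapping in demo().items():
        print(f"{name}: {mapping[0]}:{mapping[1]}")
```

Because every destination sees the same public address and port for a source that matches ACL 2000, keep that ACL limited to the hosts that need this behavior.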
Configuring NAT 3
# Configure NAT 3 in the same way that NAT 2 is configured. (Details not shown.)
Configuring NAT 4
1. Configure IP addresses for the interfaces. (Details not shown.)
2. Configure NAT internal servers:
# Configure NAT internal servers on GigabitEthernet1/0/1. Allow external VAM clients to access
VAM and AAA servers by using the public address 1.0.0.4. The primary and secondary VAM