Manualshelf

3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module
81828384858687888990
82 CHAPTER 6: NAT CONFIGURATION
their destination addresses and port numbers and forward the response packets to
the corresponding internal hosts.
Static Network Address
Translation
This new static NAT approach converts the internal host addresses in a specified
range to the specified public network addresses (only the network part is
converted and the host part is unchanged). When internal hosts access the outside
network, their internal addresses are converted to public network addresses if
their internal addresses are in the specified range. Accordingly, outside hosts can
use the public network address to access directly internal hosts if the internal host
addresses which are converted from the public network addresses are in the
specified range.
Static NAT function creates direct mapping between internal host addresses and
public network addresses, and implement the function similar to NAT server.
However, static NAT function requires a large IP address space since it holds the
one-to-one mapping between internal host addresses and public network
addresses. You can combine the static and dynamic NAT function, as long as the
addresses are not in conflict.
NAT Configuration NAT configuration includes:
Configure address pool.
Configure Easy IP
Configure static NAT
Configure many-to-many NAT
Configure NAPT
Configure internal server support
Configure NAT effective time (Optional)
Configuring Address
Pool
The address pool is a collection of some consecutive IP addresses, while internal
data packet needs to access external network via NAT, a certain address in the
address pool will be chosen as the source address. Perform the following
configurations in the system view.
c
CAUTION: An address pool is irremovable while this address pool has set up the
association with a certain access control list for NAT.
n
If Easy IP is the one and only function supported by the security gateway, the
address of the interface will be used plainly as the translated IP address, no NAT
pool needed.
Tabl e 70 Configure address pool
Operation Command
Define an address pool nat address-group group-number start-addr end-addr
Delete an address pool undo nat address-group group-number