3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
90 CHAPTER 6: NAT CONFIGURATION
[secblade] firewall zone trust
[secblade-zone-trust] add interface GigabitEthernet 0/0.1
[secblade-zone-trust] quit
# Add the sub-interface of the external network to the untrust zone.
[secblade] firewall zone untrust
[secblade-zone-untrust] add interface GigabitEthernet 0/0.2
[secblade-zone-untrust] quit
# Configure the static route.
[secblade] ip route-static 0.0.0.0 0 202.38.160.200
[secblade] ip route-static 10.0.0.0 16 30.0.0.1
# Configure the address pool and ACL.
[secblade] nat address-group 1 202.38.160.101 202.38.160.105
[secblade] acl number 2001
[secblade-acl-basic-2001] rule permit source 10.0.0.0 0.0.0.255
# Allow the 10.0.0.0/24 network segment to undergo address translation.
[secblade-acl-basic-2001] quit
[secblade] interface GigabitEthernet 0/0.2
[secblade-GigabitEthernet0/0.2] nat outbound 2001 address-group 1
# Set the internal ftp server.
[secblade-GigabitEthernet0/0.2] nat server protocol tcp global 202.38.160.100 inside 10.0.1.2 ftp
# Set the internal WWW server.
[secblade-GigabitEthernet0/0.2] nat server protocol tcp global 202.38.160.100 inside 10.0.1.1 www
# Set the internal smtp server.
[secblade-GigabitEthernet0/0.2] nat server protocol tcp global 202.38.160.100 inside 10.0.1.3 smtp
Troubleshooting NAT Configuration
Fault 1: address translation abnormal
Troubleshooting: Enable debugging for NAT; refer to debugging nat in the
debugging commands for the specific operation. Use the debugging
information displayed on the security gateway to locate the failure initially, and then
use other commands for further checks. Observe the source address after
translation carefully and make sure that it is the expected address. If it is not, the
address pool may be configured incorrectly. Also make sure that the accessed
network has a route back to the address segment defined in the address pool.
Take into account how the firewall ACL, the ACL used for address translation
itself, and the route configuration affect NAT.
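The Fault 1 checks can be rehearsed offline against the values configured above. The following is an added example, not part of the 3Com guide: it models ACL 2001 and address-group 1 and classifies observed (original source, translated source) pairs. The function names, the sample pairs and the rule that an unmatched source is not translated are assumptions made for illustration.

```python
import ipaddress

# Values copied from the configuration example on this page.
ACL_2001 = [("permit", "10.0.0.0", "0.0.0.255")]  # rule permit source 10.0.0.0 0.0.0.255
POOL_1 = ("202.38.160.101", "202.38.160.105")     # nat address-group 1

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def acl_permits(src, rules=ACL_2001):
    """First-match check of a basic ACL; wildcard bits set to 1 are ignored."""
    for action, base, wildcard in rules:
        care = ~_ip(wildcard) & 0xFFFFFFFF
        if _ip(src) & care == _ip(base) & care:
            return action == "permit"
    return False  # assumption: a source matching no rule is not translated

def in_pool(addr, pool=POOL_1):
    """True if addr lies inside the inclusive start-end range of the pool."""
    return _ip(pool[0]) <= _ip(addr) <= _ip(pool[1])

def check_translation(inside_src, observed_src):
    """Classify one (source before NAT, source seen after NAT) pair."""
    if not acl_permits(inside_src):
        return "acl-miss"        # ACL 2001 does not select this source
    if observed_src == inside_src:
        return "untranslated"    # selected by the ACL but left unchanged
    if not in_pool(observed_src):
        return "pool-mismatch"   # translated, but not to a pool address
    return "ok"

if __name__ == "__main__":
    # Constructed sample pairs, not device debugging output.
    samples = [
        ("10.0.0.25", "202.38.160.103"),
        ("10.0.2.7", "10.0.2.7"),  # inside the 10.0.0.0/16 route, outside the /24 ACL
        ("10.0.0.25", "202.38.160.110"),
        ("10.0.0.25", "10.0.0.25"),
    ]
    for before, after in samples:
        print(before, "->", after, ":", check_translation(before, after))
```

The second sample shows a mismatch worth checking on a real configuration: the static route covers 10.0.0.0/16, while ACL 2001 selects only 10.0.0.0/24 for translation.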
Fault 2: internal server abnormal