3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

331

332

333

334

335

336

337

338

339

340

NAT Configuration Commands 331

group-number: The number of a defined address pool.

Description

Use the nat outbound command to associate an ACL with an address pool,

indicating that the address specified in the acl-number can be translated by using

address pool group-number.

Use the undo nat outbound command to remove the corresponding address

translation.

Translation of the source address of the packet that conforms to the ACL is

accomplished by configuring the association between the ACL and the address

pool. The system performs address translation by selecting one address in the

address pool or by directly using the IP address of the interface. Users can

configure different address translation associations at the same interface. The

corresponding undo form of the command can be used to delete the related

address translation association. Normally, this interface is connected to ISP, and

serves as the exit interface of the inside network.

The command without the address-group parameter implements the "easy-ip"

feature. When performing address translation, the IP address of the interface is

used as the translated address and the ACL can be used to control which

addresses can be translated.

Example

# Enable the hosts of the 10.110.10.0/24 network segment to perform address

translation by selecting the addresses from 202.110.10.10 to 202.110.10.12 as

the translated address. Suppose that the interface GigabitEthernet0/0.1 connects

to ISP.

[SecBlade_FW] acl number 2001

[SecBlade_FW-acl-basic-2001] rule permit source 10.110.10.0 0.0.0.255

[SecBlade_FW-acl-basic-2001] rule deny

# Configure the address pool.

[SecBlade_FW] nat address-group 1 202.110.10.10 202.110.10.12

# Allow address translation and use the addresses of address pool 1 for address

translation. During translation, the information of TCP/UDP port is used.

[SecBlade_FW-GigabitEthernet0/0/0] nat outbound 2001 address-group 1

# Delete the corresponding configuration.

[SecBlade_FW-GigabitEthernet0/0/0] undo outbound 2001 address-group 1

# Configuration of simple address translation (Not using the TCP/UDP port

information to perform the address translation)

[SecBlade_FW-GigabitEthernet0/0.1] nat outbound 2001 address-group 1 no-pat

# Delete the corresponding configuration.

[SecBlade_FW-GigabitEthernet0/0.1] undo nat outbound 2001 address-group 1

no-pat