3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

331

332

333

334

335

336

337

338

339

340

334 CHAPTER 19: NAT CONFIGURATION COMMANDS

Overlap address = Start address of the overlap address pool + (temporary address -

start address of the temporary address pool)

Example

# Configure a mapping entry from 171.69.100.0 to 192.168.0.0, with address

pool pair number as 0.

[SecBlade_FW] nat overlapaddress 0 171.69.100.0 192.168.0.0 address-mask 24

nat server Syntax

nat server [ acl-number ] protocol pro-type global global-addr global-port1

global-port2 inside host-addr1 host-addr2 host-port

nat server [ acl-number ] protocol pro-type global global-addr [ global-port ]

inside host-addr [ host-port ]

undo nat server [ acl-number ] protocol pro-type global global-addr

global-port1 global-port2 inside host-addr1 host-addr2 host-port

undo nat server [ acl-number ] protocol pro-type global global-addr [

global-port ] inside host-addr [ host-port ]

View

Interface view

Parameter

acl-number: Basic or advanced ACL number, in the range of 2000 to 3999.

global-addr: An IP address provided for the outside to access (a legal IP address).

global-port: A service port number provided for the outside to access. If ignored,

its value shall be the same with the host-port’s value.

host-addr: IP address of the server in internal LAN.

host-port: Service port number provided for a server in the range of 0 to 65535,

and the common used port numbers are replaced by key words. For example,

www service port number is 80, which can also be represented by www. ftp

service port number is 21, and ftp can also stands for it. If the inside-port is 0, it

indicates that all the types of services can be provided and the key word any can

be used to stand for it in this situation. If the parameter is not configured, it is

considered as the case of any, which is the same as that there is a static

connection between global-addr and host-addr. When the host-port is configured

as any, the global-port also should be any, otherwise the configuration is illegal.

global-port1, global-port2: Specifies a port range through two port numbers,

forming a corresponding relation with the internal host address range.

global-port2 must be larger than global-port1.

host-addr1, host-addr2: Defines a group of consecutive address ranges, which

respectively one-to-one matches the port ranges defined above. host-addr2 must

be bigger than host-addr1. The number of the address ranges should be the same

as the number of ports defined by global-port1 and global-port2.