3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
86 CHAPTER 6: NAT CONFIGURATION
NAT application level gateway (ALG), a common solution to special protocol
traversal, replaces the IP addresses and port numbers in payload based on NAT
rules, and achieves transparent protocol relay. Currently, NAT ALG supports PPTP,
DNS, FTP, ILS, NBT, H.323 and other protocols.
NAT Configuration
NAT configuration includes:
■ Configure address pool
■ Configure Easy IP
■ Configure static NAT
■ Configure many-to-many NAT
■ Configure NAPT
■ Configure internal server support
■ Configure NAT effective time (Optional)
Configuring Address Pool
An address pool is a set of consecutive IP addresses. When an internal data
packet needs to access an external network via NAT, an address from the
address pool is chosen as its source address. Perform the following
configurations in the system view.
CAUTION: An address pool cannot be removed while it is associated with an
access control list for NAT.
NOTE: If Easy IP is the only function supported by the security gateway, the
address of the interface is used directly as the translated IP address, and no
NAT pool is needed.
Configuring NAT
NAT is accomplished by associating an address pool with an ACL. The association
relates the IP packets characterized in the ACL to the addresses defined in the
address pool. When a packet is sent from the inner network to the outer network,
it is first filtered by the ACL to let it out; the association between the ACL
and the address pool is then used to find an address, which serves as the
translated address.
The configuration of ACL is discussed in “ACL Configuration”.
The configuration varies with the kind of NAT.
Easy IP
The NAT command without the address-group parameter functions as the nat
outbound acl-number command, implementing the "easy-ip" feature. When
performing address translation, the IP address of the interface is used as the
Table 70 Configure address pool

Operation                 Command
Define an address pool    nat address-group group-number start-addr end-addr
Delete an address pool    undo nat address-group group-number
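
An added example, not part of the 3Com guide: a Python pre-change check that replays a list of NAT commands and flags a reversed pool range and an undo nat address-group issued while the pool is still associated with an ACL, the case the CAUTION describes. The nat outbound acl-number address-group group-number form is assumed from the page's wording, and the sample commands and 203.0.113.x addresses are constructed.

```python
import ipaddress
import re

# Constructed sample; addresses come from the 203.0.113.0/24 documentation range.
SAMPLE = """\
nat address-group 1 203.0.113.10 203.0.113.20
nat address-group 2 203.0.113.40 203.0.113.30
nat outbound 2000 address-group 1
nat outbound 2001
undo nat address-group 1
undo nat address-group 3
"""

POOL = re.compile(r"nat address-group (\d+) (\S+) (\S+)$")
UNDO = re.compile(r"undo nat address-group (\d+)$")
# Assumed association syntax; the bare form (no address-group) is Easy IP.
BIND = re.compile(r"nat outbound (\d+)(?: address-group (\d+))?$")

def audit(config):
    """Return (line_number, finding) pairs for a sequence of NAT commands."""
    pools, bound, findings = {}, {}, []
    for num, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if m := POOL.match(line):
            try:
                start, end = (ipaddress.IPv4Address(a) for a in m.group(2, 3))
            except ValueError:
                findings.append((num, "pool %s: invalid address" % m.group(1)))
                continue
            if start > end:
                findings.append((num, "pool %s: start-addr is above end-addr" % m.group(1)))
            else:
                pools[m.group(1)] = (start, end)
        elif m := BIND.match(line):
            acl, gid = m.groups()
            if gid is None:
                findings.append((num, "ACL %s uses Easy IP (interface address)" % acl))
            elif gid not in pools:
                findings.append((num, "ACL %s references undefined pool %s" % (acl, gid)))
            else:
                bound.setdefault(gid, []).append(acl)
        elif m := UNDO.match(line):
            gid = m.group(1)
            if bound.get(gid):  # the CAUTION: pool still associated with an ACL
                acls = ", ".join(bound[gid])
                findings.append((num, "pool %s still associated with ACL %s; cannot be removed" % (gid, acls)))
            elif pools.pop(gid, None) is None:
                findings.append((num, "pool %s is not defined" % gid))
    return findings
```

Calling audit(SAMPLE) reports lines 2, 4, 5 and 6 of the sample.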