3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
NAT Configuration 89
Configuring Internal
Server
By configuring internal server, the related external address and port can be
mapped into the internal server, thus enabling the function of external network
accessing the internal server.
The mapping table for internal server and external network is configured by the
nat server command.
The information user needs to provide includes external address, external port,
internal server address, internal server port and the protocol type of the service.
Perform the following configuration in the interface view.
n
■ While either of global-port and inside-port is defined as "any", the other one
must either be defined as "any" or not be defined.
■ TFTP is a special protocol; therefore, make sure you configure the
corresponding nat outbound command on the internal TFTP server when you
configure NAT Server for the TFTP server.
Enabling NAT ALG Perform the following configuration in system view.
By default, NAT ALG is enabled.
Tab le 78 Configure bidirectional NAT table
Operation Command
Configure the mapping from the
overlap address pool to the
temporary address pool
nat overlapaddress number overlappool-startaddress
temppool-startaddress { pool-length pool-length |
address-mask mask }
Remove the mapping from the
overlap address pool to the
temporary address pool
undo nat overlapaddress number
Tab le 79 Configure internal server
Operation Command
Add an internal server
nat server [ acl-number ] protocol pro-type global
global-addr [ global-port ] inside host-addr [ host-port ]
nat server [ acl-number ] protocol pro-type global
global-addr global-port 1 global-port2 inside host-addr1
host-addr2 host-port
Delete an internal server
undo nat server [ acl-number ] protocol pro-type global
global-addr [ global-port ] inside host-addr [ host-port ]
undo nat server [ acl-number ] protocol pro-type global
global-addr global-port1 global-port2 inside host-addr1
host-addr2 host-port
Tab le 80 Enable NAT ALG
Operation Command
Enable NAT ALG (application
level gateway)
nat alg { dns | ftp | h323 | ils | msn | nbt | pptp | sip }
Disable NAT ALG undo nat alg { dns | ftp | h323 | ils | msn | nbt | pptp | sip }