HP VPN Firewall Appliances NAT and ALG Command Reference
19
[Sysname-GigabitEthernet0/1] nat server protocol icmp global 202.110.10.11 inside
10.110.10.12 vpn-instance vrf10
# Allow external hosts to access the Telnet services of internal servers 10.110.10.1 to 10.110.10.100 in VPN
vrf10 through the public address of 202.110.10.10 and port numbers from 1001 to 1100. As a result, a
user can Telnet to 202.110.10.10:1001 to access 10.110.10.1, Telnet to 202.110.10.10:1002 to access
10.110.10.2, and so on.
<Sysname> system-view
[Sysname] interface gigabitethernet 0/1
[Sysname-GigabitEthernet0/1] nat server protocol tcp global 202.110.10.10 1001 1100 inside
10.110.10.1 10.110.10.100 telnet vpn-instance vrf10
# Remove the Web server.
<Sysname> system-view
[Sysname] interface gigabitethernet 0/1
[Sysname-GigabitEthernet0/1] undo nat server protocol tcp global 202.110.10.10 8080 inside
10.110.10.10 www
# Remove the FTP server from VPN vrf10.
<Sysname> system-view
[Sysname] interface gigabitethernet 0/1
[Sysname-GigabitEthernet0/1] undo nat server protocol tcp global 202.110.10.11 21 inside
10.110.10.11 ftp vpn-instance vrf10
Related commands
display nat server
nat server (based ACL)
Use nat server to map the destination address of an ACL-permitted packet to the internal server address
or the internal server IP address/port number.
Use undo nat server to remove the mapping.
Syntax
nat server protocol pro-type global acl-number inside local-address [ local-port ] [ vpn-instance
local-name ]
undo nat server protocol pro-type global acl-number inside local-address [ local-port ] [ vpn-instance
local-name ]
Views
Interface view
Default command level
2: System level
Parameters
protocol pro-type: Specifies a protocol type. pro-type supports TCP, UDP, and ICMP. If ICMP is specified,
do not specify port number for the internal server.
acl-number: Specifies an ACL number in the range of 2000 to 3999.
local-address: Specifies the internal IP address of the internal server.