Manualshelf

HP VPN Firewall Appliances NAT and ALG Command Reference

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
41424344454647484950
37
Related commands
nat444 static local
nat444 static
Use nat444 static local to create a static IP-port block mapping.
Use undo nat444 static local to remove the static IP-port block mapping.
Syntax
nat444 static local local-start-address local-end-address [ vpn-instance local-name ] global
global-start-address global-end-address port-range port-range-start port-range-end block-size block-size
undo nat444 static local local-start-address local-end-address [ vpn-instance local-name ]
Views
System view, interface view
Parameters
local-start-address local-end-address: Specifies the internal IP addresses. The local-end-address must be
no lower than the local-start-address.
vpn-instance local-name: Specifies the VPN to which the internal IP address belongs. The local-name
argument is a case-sensitive string of 1 to 31 characters. If you do not specifies this option, the internal
IP address does not belong to any VPN.
global-start-address global-end-address: Specifies the external IP addresses. The global-end-address
must be no lower than the global-start-address.
port-range-start port-range-end: Specifies the port range for external IP addresses. The port-range-start
argument specifies the start port, and the port-range-end argument specifies the end port that must be no
lower than the start port.
block-size: Port block size. If the value for the port block size exceeds the one for the port range that
equals port-range-end – port-range-start + 1, the system changes the value for the port block size to the
one for the port range.
Usage guidelines
This command assigns a static IP port block to each internal user by using the algorithm specified by
China Telecom NAT444 Specification. NAT uses the assigned static IP port block to perform the
translation for connections from internal to external.
NAT444 static IP-port mappings configured in interface view takes effect only on the interface, and the
ones configured in system view takes effect globally.
NAT444 static IP-port mappings configured in interface view takes priority over the ones configured in
system view.
It is users, not conflict detection, that make sure there is no conflict between configurations in interface
view and system view, and configurations in different interface views. Conflict detection is performed on
configurations for an interface by using the same algorithm as the one used for configurations in system
view.
The external address in a NAT444 static IP-port mapping cannot be used for address management and
does not support ARP.