HP VPN Firewall Appliances NAT and ALG Command Reference

to access the internal network by using the translated external addresses and port numbers. This mode
facilitates communication among hosts that connect to different NAT444 gateways.
For packets with the same source address and source port number but different destination addresses
and destination port numbers, different NAT444 mappings apply, so that the source address and port
number are mapped to the same external IP address but different port numbers. The NAT444 gateway
allows only the hosts on the corresponding external networks where these destination addresses reside
to access the internal network. This mode is secure but inconvenient for communication among hosts that
connect to different NAT444 gateways.
If an ACL is configured, NAT444 mapping in endpoint-independent mapping behavior mode applies to
packets permitted by the ACL only. If no ACL is configured, NAT444 mapping in that mode applies to all
packets.
Examples
# Apply the endpoint-independent mapping mode to all packets for address translation.
<Sysname> system-view
[Sysname] nat mapping-behavior endpoint-independent
# Apply the Endpoint-Independent Mapping mode to FTP and HTTP packets, and the Address and
Port-Dependent Mapping mode to other packets for address translation.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule permit tcp destination-port eq 80
[Sysname-acl-adv-3000] rule permit tcp destination-port eq 21
[Sysname-acl-adv-3000] quit
[Sysname] nat mapping-behavior endpoint-independent acl 3000
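The following Python model is an added illustration, not HP code or device output. It shows how the two mapping behaviors differ in the mappings they create and in which external hosts can reach the internal host afterward. It assumes that an endpoint-independent mapping accepts inbound packets from any external host, that a dependent mapping accepts them only from the exact destination address and port it was created for, and it stands in for the ACL with a set of TCP destination ports; NatModel, its parameters, the sample addresses and the starting port 1024 are all hypothetical.

```python
"""Toy model of the two NAT mapping behaviors (added example, not device code)."""
from itertools import count

# Constructed sample endpoints (documentation address ranges).
HOST = ("10.0.0.5", 5000)
WEB_A = ("198.51.100.10", 80)
WEB_B = ("198.51.100.20", 80)
OTHER = ("203.0.113.7", 4444)

class NatModel:
    def __init__(self, external_ip, eim=False, eim_ports=None, first_port=1024):
        self.external_ip = external_ip
        self.eim = eim              # 'nat mapping-behavior endpoint-independent' set
        self.eim_ports = eim_ports  # ACL stand-in: TCP dst ports; None = no ACL
        self._ports = count(first_port)
        self.out = {}               # mapping key -> external port
        self.back = {}              # external port -> (internal, allowed remote)

    def _is_eim(self, dst):
        # Endpoint-independent applies to all packets, or only to ACL matches.
        return self.eim and (self.eim_ports is None or dst[1] in self.eim_ports)

    def outbound(self, src, dst):
        """Translate an outbound packet; return (external_ip, external_port)."""
        eim = self._is_eim(dst)
        key = src if eim else (src, dst)   # destination is in the key only in dependent mode
        if key not in self.out:
            port = next(self._ports)
            self.out[key] = port
            self.back[port] = (src, None if eim else dst)
        return self.external_ip, self.out[key]

    def inbound(self, remote, ext_port):
        """Return the internal endpoint reached, or None if the packet is dropped."""
        internal, allowed = self.back.get(ext_port, (None, None))
        if internal is None:
            return None
        return internal if allowed in (None, remote) else None

if __name__ == "__main__":
    for label, nat in (("endpoint-independent", NatModel("192.0.2.1", eim=True)),
                       ("address and port-dependent", NatModel("192.0.2.1"))):
        a, b = nat.outbound(HOST, WEB_A), nat.outbound(HOST, WEB_B)
        print(label, a, b, "unsolicited inbound ->", nat.inbound(OTHER, a[1]))
```

Passing eim_ports={80, 21} mirrors the ACL 3000 example: only flows to those ports get a mapping that other external hosts can reach.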
nat444 outbound
Use nat444 outbound to configure a NAT444 dynamic IP-port block mapping on the outbound interface
that serves as the egress of an internal network to the external network.
Use undo nat444 outbound to remove the NAT444 dynamic IP-port block mapping on the interface.
Syntax
nat444 outbound acl-number address-group group-number port-range port-range-start port-range-end
block-size block-size
undo nat444 outbound acl-number
Views
Interface view
Parameters
acl-number: Specifies an ACL number in the range of 2000 to 3999.
address-group group-number: Specifies an address pool for address translation. The value range for the
group-number argument is 0 to 255.
port-range-start port-range-end: Specifies the port range for external addresses. The port-range-start
argument specifies the start port, and the port-range-end argument specifies the end port that must be no
lower than the start port.