HP VPN Firewall Appliances NAT and ALG Configuration Guide
16
Item Descri
p
tion
Enable track to VRRP
Configure whether to associate the internal server on an interface with a VRRP group,
and specify the VRRP group to be associated if you associate the internal server on an
interface with a VRRP group.
When two network devices deliver both stateful failover and dynamic NAT,
• Make sure each address pool on an interface is associated with one VRRP group
only. Otherwise, the system associates the address pool with the VRRP group having
the highest group ID.
• To ensure normal switchovers between the two devices, you need to add devices to
the same VRRP group, and associate dynamic NAT with the VRRP group.
VRRP Group
Configuring ACL-based NAT on the internal server
1. From the navigation tree, select Firewall > NAT Policy > Internal Server.
The internal server configuration page as shown in Figure 11 appears.
2. In the Internal Server Based on ACL area, click Add.
Figure 14 Internal server based on ACL configuration
3. Configure ACL-based NAT as described in Table 6.
4. Click Apply.
Table 6 Configuration items
Item Descri
p
tion
Interface Specify an interface to which the internal server policy is applied.
Protocol type Select the protocol number.
ACL
Enter the number of an ACL applied by the internal server policy.
If the ACL applied does not exist, the system does not create an ACL automatically. After
you specify an ACL in the ADD Internal Server Based on ACL page, select Firewall > ACL
to do more settings.
Internal VPN
Instance
Select the box and select a VPN instance to which the internal server belongs.
If the internal server is a common private network server that does not belong to any
VPN instance, do not select the box.