Manualshelf

HP VPN Firewall Appliances NAT and ALG Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
21222324252627282930
24
Configuring static NAT
Static NAT supports NAT multiple-instance as long as the VPN instance of an IP address is provided.
Static NAT supports two modes: one-to-one and net-to-net.
Configuring one-to-one static NAT
One-to-one static NAT translates a private IP address into a public IP address.
To configure one-to-one static NAT:
Ste
p
Command
1. Enter system view.
system-view
2. Configure a one-to-one static NAT
mapping.
nat static [ acl-number ] local-ip [ vpn-instance local-name ]
global-ip [ vpn-instance global-name ]
3. Enter interface view.
interface interface-type interface-number
4. Enable static NAT on the interface.
nat outbound static [ track vrrp virtual-router-id ]
Configuring net-to-net static NAT
Net-to-net static NAT translates a private network into a public network.
To configure net-to-net static NAT:
Ste
p
Command
1. Enter system view.
system-view
2. Configure a net-to-net static NAT mapping.
nat static [ acl-number ] net-to-net local-network
[ vpn-instance local-name ] global-network
[ vpn-instance global-name ] { mask-length | mask }
3. Enter interface view.
interface interface-type interface-number
4. Enable static NAT on the interface.
nat outbound static [ track vrrp virtual-router-id ]
Configuring dynamic NAT
Dynamic NAT support NAT multiple-instance as long as the VPN instance of an IP address is provided.
Configuration prerequisites
Configure an ACL to specify IP addresses permitted to be translated. For more information about
ACL, see Access Control Configuration Guide.
Determine whether to use an interface's IP address as the translated source address.
{ To select the address of an interface as the translated address, use Easy IP.
{ To select an address from an address pool as the translated address, use No-PAT or NAPT for
dynamic address translation. No-PAT is used in many-to-many address translation but does not
translate TCP/UDP port numbers. NAPT allows for many-to-one address translation by
translating also TCP/UDP port numbers.
Determine a public IP address pool for address translation.
Determine whether to translate port information.