HP VPN Firewall Appliances NAT and ALG Configuration Guide
25
Configuring NAT address pools
You can configure NAT address pools in the following ways:
• Configure an address pool that consists of a set of consecutive addresses.
• Configure an address group that can contain several members. Each member specifies an address
pool that consists of a set of consecutive addresses. The address pools of members might not be
consecutive.
The NAT device selects an IP address from a specific NAT address pool as the source address of a
packet.
To configure an address pool:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Configure an address
pool.
nat address-group group-number start-address
end-address [ level level ]
Address pools must not
overlap.
To configure an address group:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create an address group and
enter its view.
nat address-group
group-number
N/A
3. Add a member to the address
group.
address start-address
end-address
The IP address pools of address group
members must not overlap with each other
or with other address pools.
Configuring Easy IP
Easy IP allows the device to use the IP address of one of its interfaces as the source address of NATed
packets.
To configure Easy IP:
Ste
p
Command
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Enable Easy IP by associating an ACL with
the IP address of the interface.
nat outbound acl-number [ track vrrp virtual-router-id ]
Configuring No-PAT
With a specific ACL associated with an address pool or interface address, No-PAT translates the source
address of a packet permitted by the ACL into an IP address of the address pool or the interface address,
without using the port information.
To configure No-PAT: