Manualshelf

HP VPN Firewall Appliances NAT and ALG Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
31323334353637383940
32
[Firewall] quit
Verifying the configuration
# After completing the configurations, display the DNS mapping configuration information.
<Firewall> display nat dns-map
NAT DNS mapping information:
There are currently 2 NAT DNS mapping(s)
Domain-name: www.server.com
Global-IP : 202.38.1.2
Global-port: 80(www)
Protocol : 6(TCP)
Domain-name: ftp.server.com
Global-IP : 202.38.1.2
Global-port: 21(ftp)
Protocol : 6(TCP)
Host A and Host B can use the domain name www.server.com to access the Web server, and use
ftp.server.com to access the FTP server.
Troubleshooting NAT
Symptom 1
Abnormal translation of IP addresses.
Solution
1. Enable debugging for NAT. Try to locate the problem based on the debugging display.
2. Use other commands, if necessary, to further identify the problem. Pay special attention to the
source address after the address translation and make sure this address is the address that you
intend to change to. If not, there might be an address pool bug.
3. Make sure a route is available between the destination network and the address pool segment.
4. Be aware of the possible effects that the firewall or the ACLs have to NAT, and also note the route
configurations.
Symptom 2
The internal server does not function correctly.
Solution
1. Verify that the internal server host is correctly configured.
2. Verify the router is correctly configured with respect to the internal server parameters, such as the
internal server IP address.