HP VPN Firewall Appliances NAT and ALG Configuration Guide
connection. For the user's subsequent connections, the public port used to translate the source address
is taken from the assigned port block. When all connections from the user are closed, the assigned
IP-port block is released.
Associate an ACL with an address pool on an interface to enable dynamic NAT444.
Configure dynamic NAT444 on the outbound interface of a NAT device, and if needed, configure it on
multiple outbound interfaces for an internal host.
Configuration prerequisites
• Configure an ACL to specify IP addresses permitted to be translated.
• Configure a public IP address pool for address translation.
For information about configuring ACLs, address pools, and address groups, see Access Control
Configuration Guide and "Configuring NAT".
Configuration procedure
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Enter interface view.
    Command: interface interface-type interface-number
    Remarks: N/A
Step 3. Configure an outbound NAT444.
    Command: nat444 outbound acl-number address-group group-number port-range port-range-start port-range-end block-size block-size
    Remarks: The ACL can be modified and also can be nonexistent. The configuration does not take effect
    when the ACL does not exist. The address pool must exist and cannot be modified once it is
    referenced.
A NAT444 dynamic IP-port mapping is created when a user first accesses the Internet, and is removed
when the user's last connection is removed. You cannot remove the NAT444 dynamic IP-port mapping
manually.
When you remove the NAT444 dynamic associations of an interface, if no other NAT444 association
references the address pool, all NAT444 dynamic IP-port mappings of that address pool are removed.
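The port-block lifecycle described above, as an added sketch that is not HP's code or a description of device internals: it models block assignment on a user's first connection, release on the last, and the reverse lookup from an observed public IP address and port to the internal host. The class and method names, the whole-blocks-only rounding, the first-free allocation order, and the sample addresses are assumptions; port selection inside a block is omitted.

```python
# Added illustration: simplified model of NAT444 port-block allocation.
# Names are hypothetical; rounding and allocation order are assumptions.

class PortBlockPool:
    def __init__(self, public_ips, port_start, port_end, block_size):
        self.block_size = block_size
        # Assumption: only whole blocks inside the port range are usable.
        per_ip = (port_end - port_start + 1) // block_size
        # Free blocks are tracked as (public_ip, first_port) pairs.
        self.free = [(ip, port_start + i * block_size)
                     for ip in public_ips for i in range(per_ip)]
        self.assigned = {}  # private_ip -> (public_ip, first_port)
        self.conns = {}     # private_ip -> number of open connections

    def open_connection(self, private_ip):
        """The first connection assigns a block; later ones reuse it."""
        if private_ip not in self.assigned:
            if not self.free:
                raise RuntimeError("address pool exhausted")
            self.assigned[private_ip] = self.free.pop(0)
            self.conns[private_ip] = 0
        self.conns[private_ip] += 1
        return self.assigned[private_ip]

    def close_connection(self, private_ip):
        """The block is released when the user's last connection closes."""
        self.conns[private_ip] -= 1
        if self.conns[private_ip] == 0:
            self.free.append(self.assigned.pop(private_ip))
            del self.conns[private_ip]

    def attribute(self, public_ip, public_port):
        """Map an observed public IP and port back to the private host."""
        for private_ip, (ip, first) in self.assigned.items():
            if ip == public_ip and first <= public_port < first + self.block_size:
                return private_ip
        return None


if __name__ == "__main__":
    # Constructed sample: one public address, ports 1024-4095, blocks of 1024.
    pool = PortBlockPool(["203.0.113.1"], 1024, 4095, 1024)
    print(pool.open_connection("10.0.0.1"))
    print(pool.open_connection("10.0.0.2"))
    print(pool.attribute("203.0.113.1", 2500))
```

Because a block is reused after release, attributing traffic from logs requires the block assignment and release times as well as the public address and port.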
Configuring Full cone NAT
Full cone NAT sets the mapping behavior mode for NAT444:
• Endpoint-Independent Mapping—For packets with the same source address and port number, the
same NAT444 mapping applies so that the source IP address and port number are mapped to the
same external address and port number, regardless of the destination addresses of the packets. The
NAT444 gateway also allows external hosts to access the internal network by using the translated
external addresses and port numbers. This mode facilitates communication among hosts that
connect to different NAT444 gateways.