HP VPN Firewall Appliances NAT and ALG Configuration Guide
• Address and Port-Dependent Mapping—For packets with the same source address and source port
number but different destination addresses and destination port numbers, different NAT444
mappings apply, so the source address and port number are mapped to the same external IP
address but to different port numbers. The NAT444 gateway allows only the hosts on the
corresponding external networks where these destination addresses reside to access the internal
network. This mode is secure but inconvenient for communication among hosts that connect to
different NAT444 gateways.
If an ACL is configured, NAT444 mapping in endpoint-independent mapping behavior mode applies to
packets permitted by the ACL only. If no ACL is configured, NAT444 mapping in that mode applies to all
packets.
To configure Full cone NAT:
Step                         Command                                                      Remarks
1. Enter system view.        system-view                                                  N/A
2. Configure Full cone NAT.  nat mapping-behavior endpoint-independent [ acl acl-num ]    NAT444 mapping behavior mode is Address and Port Dependent Mapping.
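
The difference between the two mapping behavior modes, and the effect of restricting Full cone NAT with an ACL, shown as an added example (a simplified Python model written for this page, not HP code or device behavior captured from an appliance). Assumptions: the class name, addresses, and port range are constructed; the ACL is modeled as a set of permitted internal source IPs; packets not permitted by the ACL fall back to Address and Port-Dependent Mapping; inbound filtering matches the exact remote address and port.

```python
from itertools import count

class Nat444Model:
    """Toy model of the two NAT444 mapping behaviors (not device code)."""

    def __init__(self, external_ip, endpoint_independent=False, acl=None):
        self.external_ip = external_ip
        self.endpoint_independent = endpoint_independent
        self.acl = acl              # None = no ACL; else set of permitted internal IPs
        self.ports = count(10000)   # constructed external port range
        self.out = {}               # mapping key -> external port
        self.back = {}              # external port -> (internal endpoint, allowed remote)

    def _full_cone(self, src_ip):
        # Endpoint-independent mapping covers ACL-permitted packets only,
        # or all packets when no ACL is configured.
        return self.endpoint_independent and (self.acl is None or src_ip in self.acl)

    def outbound(self, src, dst):
        """Translate an outbound packet; return the external (ip, port)."""
        full_cone = self._full_cone(src[0])
        # Full cone: one mapping per internal endpoint.
        # Address and port-dependent: one mapping per (internal, destination) pair.
        key = src if full_cone else (src, dst)
        if key not in self.out:
            port = next(self.ports)
            self.out[key] = port
            self.back[port] = (src, None if full_cone else dst)
        return (self.external_ip, self.out[key])

    def inbound(self, remote, ext_port):
        """Return the internal endpoint reached, or None if the packet is dropped."""
        entry = self.back.get(ext_port)
        if entry is None:
            return None
        internal, allowed_remote = entry
        if allowed_remote is not None and remote != allowed_remote:
            return None             # only the original destination may reply
        return internal

HOST = ("10.0.0.5", 5000)       # constructed internal endpoint
SRV_A = ("198.51.100.10", 80)   # constructed destinations (documentation ranges)
SRV_B = ("203.0.113.20", 443)
OTHER = ("192.0.2.99", 4444)    # external host the internal user never contacted
```

In this model, an endpoint-independent mapping is reachable from any external host once it exists, so scoping the mode with an ACL limits that exposure to the internal sources that need it.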
Configuring NAT444 logging
NAT444 sends the following logs to the log server when an internal user accesses the Internet through
NAT444:
• NAT444 user log
• NAT444 session establishment log
• NAT444 session removal log
NAT444 logs support two formats: china-telecom and china-unicom-nat444. You can configure the two
formats by executing the info-center format command. For more information about NAT444 log formats
and NAT444 logging configurations, see System Management and Maintenance Configuration Guide
and System Management and Maintenance Command Reference.
To configure NAT444 logging:
Step                         Command                                              Remarks
1. Enter system view.        system-view                                          N/A
2. Enable NAT444 logging.    nat444 log { user | session-start | session-end }    By default, NAT444 logging is disabled.
Displaying and maintaining NAT444
Task                                       Command                                Remarks
Display NAT444 static IP-port mappings.    display nat444 static-ip-port-block    Available in any view.