Manualshelf

HP VPN Firewall Appliances NAT and ALG Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
70717273747576777879
69
Configure NAT and ALG on the firewall to enable SIP UA 1 and SIP UA 2 to communicate by using their
aliases, and to enable SIP UA 1 to select an IP address from the range 5.5.5.9 to 5.5.5.11 when
registering with the SIP server on the external network.
Figure 57 Network diagram
Configuration procedure
This section describes ALG configuration only, assuming that other required configurations on the server
and client have been done.
# Configure the address pool and ACL.
<Firewall> system-view
[Firewall] nat address-group 1 5.5.5.9 5.5.5.11
[Firewall] acl number 2001
[Firewall-acl-basic-2001] rule permit source 192.168.1.0 0.0.0.255
[Firewall-acl-basic-2001] rule deny
[Firewall-acl-basic-2001] quit
# Enable ALG for SIP.
[Firewall] alg sip
# Configure NAT.
[Firewall] interface gigabitethernet 0/2
[Firewall-GigabitEthernet0/2] nat outbound 2001 address-group 1
NBT ALG configuration example
Network requirements
As shown in Figure 58, a company using the private network segment 192.168.1.0/24 wants to provide
NBT services to the outside.
Configure NAT and ALG on the firewall so that Host A uses 5.5.5.9 as its external IP address, the WINS
server uses 5.5.5.10 as its external IP address, and Host B can access the WINS server and Host A by
using host names.