Enabling static nat on an interface, Creating an internal server – H3C Technologies H3C SecPath F1000-E User Manual
Page 18
11
Item Description
ACL
Specify the ACL number.
If the acl-number argument is specified, the device performs NAT for the packets
matching a specific ACL rule, and no longer matches the packets against the
interzone policy.
Enabling static NAT on an interface
Select Firewall > NAT Policy > Static NAT from the navigation tree to enter the page shown in
.
In the Interface Static Translation field where static NAT entries configured for interfaces are displayed,
click Add to enter the Enable Interface Static Translation page shown in
.
Figure 10 Enabling interface static translation
Table 7 Configuration items
Item Description
Interface Name
Select an interface to which static NAT is applied.
Enable track to VRRP
Configure whether to associate static NAT on an interface with a VRRP group,
and specify the VRRP group to be associated if you associate static NAT on an
interface with a VRRP group.
When two network devices implement both stateful failover and dynamic NAT,
•
Make sure the public address of an internal server on an interface is
associated with one VRRP group only; otherwise, the system associates the
public address with the VRRP group having the highest group ID.
•
To ensure normal switchovers between the two devices, you need to add the
devices to the same VRRP group, and associate dynamic NAT with the VRRP
group.
VRRP Group
Creating an internal server
Select Firewall > NAT Policy > Internal Server from the navigation tree to enter the page shown in
. In the Internal Server field where all internal server information is displayed, click Add to enter the
Add Internal Server page shown in