beautypg.com

Configuring dynamic nat, Configuration prerequisites, Configuring nat address pools – H3C Technologies H3C SecPath F1000-E User Manual

Page 30

background image

23

To configure net-to-net static NAT:

Step Command

1.

Enter system view.

system-view

2.

Configure a net-to-net static NAT
mapping.

nat static [ acl-number ] net-to-net local-network [ vpn-instance
local-name ] global-network [ vpn-instance global-name ]

{ netmask-length | netmask }

3.

Return to system view.

quit

4.

Enter interface view.

interface interface-type interface-number

5.

Enable static NAT on the interface.

nat outbound static

Configuring dynamic NAT

Dynamic NAT is usually implemented by associating an ACL with an address pool (or the address of an

interface) on an interface.

To select the address of an interface as the translated address, use Easy IP.

To select an address from an address pool as the translated address, use No-PAT or NAPT for
dynamic address translation. No-PAT is used in many-to-many address translation but does not

translate TCP/UDP port numbers. NAPT allows for many-to-one address translation by translating

also TCP/UDP port numbers.

Typically, a NAT entry is configured on the outbound interface of the NAT device.
If it is the first packet and an address pool is associated with an outbound interface, NAT determines
whether to translate the packet based on the ACL. If yes, NAT chooses an address from the associated

address pool or gets the associated interface address, performs address translation, and then saves the

address mapping in the address translation table. All subsequent packets from the internal host are

serviced by NAT directly according to the mapping entry.

Configuration prerequisites

Configure an ACL to specify IP addresses permitted to be translated. For more information about

ACL, see Access Control Configuration Guide.

Decide whether to use an interface's IP address as the translated source address.

Determine a public IP address pool for address translation.

Decide whether to translate port information.

Configuring NAT address pools

You can configure NAT address pools in two ways:

Configure an address pool that consists of a set of consecutive addresses.

Configure an address group that can contain several members. Each member specifies an address
pool that consists of a set of consecutive addresses. The address pools of members may not be

consecutive.

The NAT device selects an IP address from a specified NAT address pool as the source address of a

packet.
To configure an address pool:

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: