Configuring static nat, Configuring dynamic nat – H3C Technologies H3C SecBlade FW Cards User Manual
Configuring static NAT
You need to configure static NAT in system view, and make it effective in interface view.
Static NAT supports two modes: one-to-one and net-to-net. At present, the device supports one-to-one only.
Configuring one-to-one static NAT:
One-to-one static NAT translates a private IP address into a public IP address.
Follow these steps to configure one-to-one static NAT:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure a one-to-one static NAT mapping | nat static [ acl-number ] local-ip [ vpn-instance local-name ] global-ip | Required |
| Enter interface view | interface interface-type interface-number | — |
| Enable static NAT on the interface | nat outbound static [ track vrrp virtual-router-id ] | Required. Support for track vrrp virtual-router-id depends on the device model. |
Configuring dynamic NAT
Dynamic NAT is usually implemented by associating an ACL with an address pool (or the address of an
interface) on an interface.
• To select the address of an interface as the translated address, use Easy IP.
• To select an address from an address pool as the translated address, use No-PAT or NAPT for dynamic address translation. No-PAT is used in many-to-many address translation but does not translate TCP/UDP port numbers. NAPT allows for many-to-one address translation by also translating TCP/UDP port numbers.
Typically, a NAT entry is configured on the outbound interface of the NAT device. If internal hosts need
to access external networks through multiple outbound interfaces on the NAT device, you must configure
NAT entries on each of the interfaces. To avoid this, the device supports configuring a NAT entry on the
inbound interface on the NAT device. When hosts in a VPN want to access other VPNs through multiple
outbound interfaces on a NAT device, you can configure a NAT entry on the inbound interface on the
NAT device, simplifying NAT configuration.
When a packet from an internal host to the external network arrives, NAT processes it as follows. If it is the first packet and an address pool is associated with an outbound interface, NAT determines whether to translate the packet based on the ACL. If the ACL permits translation, NAT chooses an address from the associated address pool or gets the associated interface address, performs address translation, and then saves the address mapping in the address translation table. All subsequent packets from the internal host are serviced by NAT directly according to the mapping entry.
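The first-packet behaviour described above, together with the No-PAT and NAPT difference, modelled in Python as an added example (not H3C code and not part of the manual). The class name, the documentation-range addresses, the starting port 1024, the use of only the first pool address for NAPT, and returning None for an untranslated packet are assumptions of this model.

```python
import ipaddress


class DynamicNat:
    """Toy model of outbound dynamic NAT: ACL check, pool choice, mapping table."""

    def __init__(self, acl_permit, pool, mode):
        self.acl = [ipaddress.ip_network(n) for n in acl_permit]
        self.pool = list(pool)   # public addresses; for Easy IP, the interface address
        self.mode = mode         # "no-pat" or "napt"
        self.table = {}          # address translation table
        self.next_port = 1024    # constructed starting port for NAPT

    def translate(self, src_ip, src_port):
        """Return the translated (ip, port), or None if no translation is done."""
        key = src_ip if self.mode == "no-pat" else (src_ip, src_port)
        if key in self.table:    # subsequent packet: served from the saved mapping
            hit = self.table[key]
            return (hit, src_port) if self.mode == "no-pat" else hit
        # First packet: the ACL decides whether the source may be translated.
        if not any(ipaddress.ip_address(src_ip) in n for n in self.acl):
            return None
        if self.mode == "no-pat":
            used = set(self.table.values())
            free = [a for a in self.pool if a not in used]
            if not free:
                return None      # model assumption: pool exhausted, no mapping
            self.table[key] = free[0]
            return (free[0], src_port)   # No-PAT leaves the port untouched
        # NAPT: many hosts share one public address, distinguished by port.
        mapping = (self.pool[0], self.next_port)
        self.next_port += 1
        self.table[key] = mapping
        return mapping


if __name__ == "__main__":
    # Constructed sample traffic using documentation address ranges.
    nopat = DynamicNat(["10.0.0.0/24"], ["203.0.113.1", "203.0.113.2"], "no-pat")
    napt = DynamicNat(["10.0.0.0/24"], ["203.0.113.1"], "napt")
    for host in ("10.0.0.5", "10.0.0.6", "10.0.0.7", "192.168.1.9"):
        print(host, nopat.translate(host, 40000), napt.translate(host, 40000))
```

With a two-address pool, No-PAT serves only two internal hosts at a time in this model, while NAPT keeps mapping new hosts onto the single public address.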
1. Configuration prerequisites
• Configure an ACL to specify IP addresses permitted to be translated.
• Decide whether to use an interface’s IP address as the translated source address.
• Determine a public IP address pool for address translation.
• Decide whether to translate port information.