H3C Technologies H3C SecBlade FW Cards User Manual

19

NOTE:

For more information about ACL, see the

Access Control Configuration Guide.

2.

Configuring NAT address pools

The NAT device selects an IP address from a specified NAT address pool as the source address of a

packet.
Follow these steps to configure an address pool:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Configure an address pool

nat address-group group-number
start-address end-address [ level

level ]

Required
Not necessary when the device

provides only Easy IP, where an
interface’s public IP address is

used as the translated IP address.

NOTE:

Address pools must not overlap.

3.

Configuring Easy IP

Easy IP allows the device to use the IP address of one of its interfaces as the source address of NATed

packets.
Follow these steps to configure Easy IP:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter interface view

interface interface-type
interface-number

—

Enable Easy IP by associating an ACL
with the IP address of the interface

nat outbound [ acl-number ]
[ track vrrp virtual-router-id ]

Required

4.

Configuring No-PAT

With a specific ACL associated with an address pool or interface address, No-PAT translates the source

address of a packet permitted by the ACL into an IP address of the address pool or the interface address,
without using the port information.
Follow these steps to configure No-PAT:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter interface view

interface interface-type
interface-number

—

Configure No-PAT by associating an
ACL with an IP address pool on the

outbound interface for translating
only IP addresses

nat outbound [ acl-number ]
address-group group-number

no-pat [ track vrrp
virtual-router-id ]

Required
Support for the optional
acl-number argument depends on

the device model.

5.

Configuring NAPT