Nbt alg configuration example, Network requirements – H3C Technologies H3C SecBlade FW Cards User Manual

Page 39

# Create a basic ACL.

•

Select Firewall > ACL from the navigation tree and then on the page that appears, click Add.

•

Type 2001 in the ACL Number text box.

•

Click Apply.

# Create an ACL rule.

•

Click the icon

of ACL 2001 to enter the ACL rule configuration page. Then click Add.

•

Select Permit as the operation.

•

Select the Source IP Address check box, type192.168.1.0 as the source IP address, and type
0.0.0.255 as the source wildcard.

•

Click Apply.

•

Click Add.

•

Select Deny as the operation.

•

Click Apply.

Configure dynamic NAT.

# Configure the address pool.

•

Select Firewall > NAT Policy > Dynamic NAT from the navigation tree. In the Address Pool area,
click Add.

•

Type 1 in the Index text box.

•

Type 5.5.5.9 as the start IP address.

•

Type 5.5.5.11 as the end IP address.

•

Click Apply.

# Configure dynamic NAT.

•

In the Dynamic NAT area, click Add.

•

Select GigabitEthernet0/1.

•

Type 2001 for the ACL field.

•

Select PAT as the address translation.

•

Type 1 as the address pool index.

•

Click Apply.

NBT ALG configuration example

Network requirements

As shown in

Figure 23

, a company accesses the Internet through a device with NAT and ALG enabled.

The company provides NBT services to the outside. The inside network segment of the company is

192.168.1.0/24. Configure NAT and ALG to meet the following requirements:

•

Host B can access the WINS server and Host A with host names.

•

Host A uses 5.5.5.9 as its external IP address, and the WINS server uses 5.5.5.10 as its external IP
address.

This manual is related to the following products:

H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS