Low-priority address pool, Configuring a nat policy, Configuration overview – H3C Technologies H3C SecPath F1000-E User Manual
Page 446: Configuring address translation

Low-Priority Address Pool
An address pool is a set of consecutive public IP addresses used for dynamic NAT. A NAT gateway
selects addresses from the address pool and uses them as the translated source IP addresses.
When two devices in a stateful failover implementation carry out NAT, identical address pools must be
configured on both devices, helping ensure that service traffic is successfully taken over by the other
device if one device fails. However, if the devices select the same IP addresses from their address pool
and assign them the same port numbers, reverse sessions on the two devices are the same. As a result,
session data cannot be backed up between the devices.
To solve the problem, the low-priority address pool attribute is introduced to NAT. You can configure
address pools on the two devices to have different priorities. For example, suppose that two address
pools, 100.0.0.1 through 100.0.0.5 (A) and 100.0.0.6 through 100.0.0.10 (B), are configured on the
two devices. You can configure A as the low-priority address pool on one device and configure B as the
low-priority address pool on the other device. Because addresses in the low-priority address pool are
not selected by NAT, the two devices use different addresses as translated source addresses, and thus
session data can be backed up successfully.
NOTE:
For details about stateful failover, refer to Stateful Failover Configuration.
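The following check is an added example, not part of the H3C manual or the device's own tooling. It audits the two conditions described above for a stateful failover pair: both devices carry identical address pools, and the addresses NAT can actually select (pools not marked low-priority) do not overlap. The (start, end, low_priority) tuple layout and all function names are assumptions made for illustration, not device configuration syntax.

```python
import ipaddress

def expand(start, end):
    """Return the set of addresses in the consecutive range start..end."""
    lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if lo > hi:
        raise ValueError(f"invalid pool range {start}-{end}")
    return {ipaddress.IPv4Address(i) for i in range(int(lo), int(hi) + 1)}

def usable(pools):
    """Addresses NAT may select: every pool not marked low-priority."""
    out = set()
    for start, end, low_priority in pools:
        if not low_priority:
            out |= expand(start, end)
    return out

def audit_pair(dev1, dev2):
    """Check a stateful failover pair; return a list of findings (empty = OK)."""
    findings = []
    ranges1 = {(s, e) for s, e, _ in dev1}
    ranges2 = {(s, e) for s, e, _ in dev2}
    if ranges1 != ranges2:
        # Identical pools are required so one device can take over the other's traffic.
        findings.append("pools differ between devices: %s" % sorted(ranges1 ^ ranges2))
    u1, u2 = usable(dev1), usable(dev2)
    clash = sorted(u1 & u2)
    if clash:
        # Shared selectable addresses can yield identical reverse sessions.
        findings.append("both devices can select: %s" % ", ".join(map(str, clash)))
    for name, u in (("device 1", u1), ("device 2", u2)):
        if not u:
            findings.append(f"{name} has no selectable address")
    return findings

# Constructed sample data using pools A and B from the text above.
A = ("100.0.0.1", "100.0.0.5")
B = ("100.0.0.6", "100.0.0.10")
GOOD_1 = [(*A, True), (*B, False)]   # A is low-priority on device 1
GOOD_2 = [(*A, False), (*B, True)]   # B is low-priority on device 2
BAD_2 = [(*A, True), (*B, False)]    # A marked low-priority on both devices

if __name__ == "__main__":
    print("good pair:", audit_pair(GOOD_1, GOOD_2) or "OK")
    print("bad pair:", audit_pair(GOOD_1, BAD_2))
```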
Configuring a NAT Policy
Configuration Overview
Configuring Address Translation
A NAT gateway can be configured with or dynamically generate mapping entries to translate between
internal and external network addresses. Generally, address translation can be classified into two types,
dynamic and static.
• Dynamic NAT
A dynamic NAT entry is generated dynamically. Dynamic NAT is implemented by associating an ACL
with an address pool (or the address of an interface in the case of Easy IP). This association defines
what packets can use the addresses in the address pool (or the interface’s address) to access the
external network. Dynamic NAT is applicable when a large number of internal users need to access
external networks. An IP address is selected from the associated address pool to translate an outgoing
packet. After the session terminates, the selected IP address is released.
Perform the tasks in Table 1 to configure dynamic NAT.
Table 1 Dynamic NAT configuration task list
Task Remarks
Required for configuring NAPT and many-to-many NAT
Required
Configure dynamic NAT on an interface.
• Static NAT