beautypg.com

Table 5 – H3C Technologies H3C SecPath F1000-E User Manual

Page 450

background image

9

Table 5 Dynamic NAT configuration items

Item Description

Interface

Specify an interface on which dynamic NAT is to be enabled.

ACL

Specify an ACL for dynamic NAT.
You cannot associate an ACL with multiple NAT address pools, or associate an ACL
with both Easy IP and an address pool.

IMPORTANT:

On some devices, the rules of an ACL applied on an interface cannot conflict with
one another, that is, rules with the same source IP address, destination IP
address, and VPN instance are considered as a conflict. In a basic ACL
(numbering 2000 to 2999), rules with the same source IP address and VPN
instance are considered as a conflict.

Address Transfer

Select an address translation mode:

PAT: Refers to NAPT. In this mode, associating an ACL with an address pool

translates both IP addresses and port numbers.

No-PAT: Refers to many-to-many NAT. In this mode, associating an ACL with an

address pool translates only IP addresses.

Easy IP: In this mode, the NAT gateway directly uses an interface’s public IP

address as the translated IP address, and uses an ACL to match IP packets.

Only one mode can be selected for an address pool.

Address Pool Index

Specify the index of a NAT address pool for dynamic NAT.
The NAT address pool must have been configured through NAT address
configuration.
If Easy IP is selected for Address Transfer, you do not need to type an address
pool index.

Global VPN Instance

Specify the name of the instance to which the external IP addresses (that is, the NAT
address pool) belong.

Enable track to VRRP

VRRP Group

Configure whether to associate dynamic NAT on an interface with a VRRP group,
and specify the VRRP group to be associated if you associate dynamic NAT on an

interface with a VRRP group.
When two network devices implement both stateful failover and dynamic NAT,

Make sure that each address pool on an interface is associated with one VRRP

group only; otherwise, the system associates the address pool with the VRRP

group having the highest group ID.

To ensure normal switchovers between the two devices, you need to add the

devices to the same VRRP group, and associate dynamic NAT with the VRRP

group.


Return to

Dynamic NAT configuration task list

.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: