Virtual fragment reassembly configuration example, Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
Page 581
3
Item Description
Specify timeout value of the
datagram being
reassembled
Set the aging time for each reassembly. If the fragments of a datagram (in a
reassembly) are not reassembled within this time, all the fragments of the
datagram are discarded.
This option is available after the virtual fragment reassembly feature is
enabled.
Drop all the incoming
fragments
Select the check box to discard all incoming fragments.
This option is available after the virtual fragment reassembly feature is
enabled.
Virtual Fragment Reassembly Configuration
Example
Network requirements
As shown in
, Host accesses Router B through Device A and NAT is enabled on interface
GigabitEthernet 0/1 of Device A. It is required to enable virtual fragment reassembly for security zone
Trust on Device A to ensure secure and efficient NAT.
Figure 9 Network diagram for virtual fragment reassembly configuration
Configuration procedure
Step1
Configure Host
# On Host, configure a static route to Router B. (Omitted)
Step2
Configure Device A.
# Configure IP addresses for the interfaces and assign the interfaces to security zones. (Omitted)
# Configure a static address mapping.
•
Select Firewall > NAT Policy > Static NAT from the navigation tree, and then click Add in the
Static Address Mapping area to perform configurations shown in
.