Configuring address translation, Configuring static nat, Configuring one-to-one static nat – H3C Technologies H3C SecPath F1000-E User Manual

22

NOTE:
•

If the NAT configuration (address translation or internal server configuration) on an interface is
changed, save the configuration and reboot the device (or use the reset nat session command to
manually clear the relevant NAT entries), to avoid problems. The following problems may occur: After

you delete the NAT-related configuration, address translation can still work for sessions already created;

if you configure NAT when NAT is running, the same configuration may have different results because
of different configuration orders.

•

If Easy IP is configured on an interface or the public IP address is the same as the IP address of the
interface, address translation cannot be associated with any VRRP group.

Configuring address translation

A NAT device can be configured with or dynamically generate mappings to translate between internal
and external network addresses. Address translation can be classified into the following types:

•

Static NAT—Mappings between external and internal network addresses are manually configured.
Static NAT can meet fixed access requirements of a few users.

•

Dynamic NAT—A dynamic NAT entry is generated dynamically. Dynamic NAT is implemented by
associating an ACL with an address pool (or the address of an interface in the case of Easy IP). This

association defines what packets can use the addresses in the address pool (or the interface's

address) to access the external network. Dynamic NAT is applicable to the network environment
where a large number of internal users need to access external networks. An IP address is selected

from the associated address pool to translate an outgoing packet. After the session terminates, the

selected IP address is released.

Both static NAT and dynamic NAT support NAT multiple-instance as long as the VPN instance of an IP
address is provided.

Configuring static NAT

You need to configure static NAT in system view, and make it effective in interface view.
Static NAT supports two modes: one-to-one and net-to-net.

Configuring one-to-one static NAT

One-to-one static NAT translates a private IP address into a public IP address.
To configure one-to-one static NAT:

Step Command

1.

Enter system view.

system-view

2.

Configure a one-to-one static NAT

mapping.

nat static [ acl-number ] local-ip [ vpn-instance local-name ]
global-ip [ vpn-instance global-name ]

3.

Enter interface view.

interface interface-type interface-number

4.

Enable static NAT on the interface.

nat outbound static [ track vrrp virtual-router-id ]

Configuring net-to-net static NAT

Net-to-net static NAT translates a private network into a public network.