Configuring easy ip, Configuring no-pat – H3C Technologies H3C SecPath F1000-E User Manual

24

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Configure an
address pool.

nat address-group group-number
start-address end-address

Not necessary when the router provides only
Easy IP, where an interface's public IP address

is used as the translated IP address.

To configure an address group:

Step Command

1.

Enter system view.

system-view

2.

Create an address group and enter its view.

nat address-group group-number

3.

Add a member to the address group.

address start-address end-address

NOTE:
•

Address pools must not overlap.

•

The IP address pools of address group members must not overlap with each other or with other address
pools.

Configuring Easy IP

Easy IP allows the firewall to use the IP address of one of its interfaces as the source address of NATed
packets.
To configure Easy IP:

Step Command

1.

Enter system view.

system-view

2.

Enter interface view.

interface interface-type interface-number

3.

Enable Easy IP by associating an ACL with
the IP address of the interface.

nat outbound [ acl-number ] [ track vrrp virtual-router-id ]

Configuring No-PAT

With a specific ACL associated with an address pool or interface address, No-PAT translates the source
address of a packet permitted by the ACL into an IP address of the address pool or the interface address,

without using the port information.
To configure No-PAT:

Step Command

1.

Enter system view.

system-view

2.

Enter interface view.

interface interface-type interface-number

3.

Configure No-PAT by associating an ACL with an IP
address pool on the outbound interface for

translating only IP addresses.

nat outbound [ acl-number ] address-group
group-number [ vpn-instance vpn-instance-name ]
no-pat [ track vrrp virtual-router-id ]