H3C Technologies H3C SecBlade FW Cards User Manual

13

Item Description

VPN Instance

Specify a VPN instance name to which the internal server belongs.
If the internal server belongs to a VPN, you need to specify the VPN

instance. You do not need to specify it if the internal server belongs to a
normal private network.

Protocol Type

Select or specify the type of the protocol to be carried by IP.

External
IP
Address

Assign IP Address

Specify the public IP address for the internal server.
You can type an IP address, or use the IP address of an interface.

Use IP Address of
Interface

Global Port

Specify the global port number(s) for the internal server.
This option is available when 6(TCP) or 17(UDP) is selected as the
protocol type. You can:

•

Use the single box to specify a global port.

•

Use the double boxes to specify a range of global ports each of which

has a one-to-one correspondence with the specified internal IP

address. The number you typed in the right box should be higher than
that in the left box.

If you use the single box and specify a port of 0, all types of services are
provided. This configuration indicates a static connection between

external IP addresses and internal IP addresses.

Internal IP

Specify the internal IP address(es) for the internal server.

•

Single box: Used to specify an internal IP address when 6(TCP) or
17(UDP) is not selected for the protocol type or you specify a single

global port.

•

Double boxes: Used to specify a range of internal IP addresses each
of which has a one-to-one correspondence with a port in the specified

range. The IP address in the right box must be higher than that in the

left box, and the number of addresses must be identical to the number

of specified global ports.

Internal Port

Specify the internal port number of the internal server.
This option is available when 6(TCP) or 17(UDP) is selected for the

protocol type. If you type 0 in the text box, all types of services are
provided. This configuration indicates a static connection between

internal addresses and external addresses.

Enable track to VRRP

Configure whether to associate the internal server on an interface with a
VRRP group, and specify the VRRP group to be associated if you

associate the internal server on an interface with a VRRP group.
When two network devices deliver both stateful failover and dynamic
NAT,

•

Make sure the public address of an internal server on an interface is

associated with one VRRP group only; otherwise, the system
associates the public address with the VRRP group having the highest

group ID.

•

To ensure normal switchovers between the two devices, you need to

add devices to the same VRRP group, and associate dynamic NAT

with the VRRP group.

VRRP Group

Return to

Internal server configuration task list

.