Sip/h.323 alg configuration example – H3C Technologies H3C SecBlade FW Cards User Manual
Page 42
35
Figure 24 Network diagram for FTP ALG configuration
2.
Configuration procedure
# Configure the address pool and ACL.
<Router> system-view
[Router] nat address-group 1 5.5.5.9 5.5.5.11
[Router] acl number 2001
[Router-acl-basic-2001] rule permit
[Router-acl-basic-2001] quit
# Enable ALG for FTP.
[Router] alg ftp
# Configure NAT.
[Router] interface ethernet 1/1
[Router-Ethernet1/1] nat outbound 2001 address-group 1
# Configure internal FTP server.
[Router-Ethernet1/1] nat server protocol tcp global 5.5.5.10 ftp inside 192.168.1.2 ftp
SIP/H.323 ALG configuration example
NOTE:
H.323 ALG configuration is similar to SIP ALG configuration. The following takes SIP ALG configuration
as an example.
1.
Network requirements
As shown in
, a company accesses the Internet through a device with NAT and ALG enabled.
The inside network segment of the company is 192.168.1.0/24. Configure NAT and ALG to meet the
following requirements:
•
SIP UA 1 in the inside network and SIP UA 2 in the outside network can communicate with their
aliases.
•
The company has four public network addresses: 5.5.5.1, 5.5.5.9, 5.5.5.10, and 5.5.5.11. SIP UA 1
selects one from the range 5.5.5.9 to 5.5.5.11 as its public network address when registering with
the SIP server in the outside network.
Host
FTP server
Local: 192.168.1.2
Global: 5.5.5.10
SecPath
Internet
GE0/0
5.5.5.1/24
192.168.1.1/24