HP MSR Series Command Reference Manual page 245
Layer 3 ip services
command reference (v7)
Hide thumbs
Also See for MSR Series:
- Configuration manual (889 pages) ,
- Command reference manual (684 pages) ,
- Wan access configuration manual (293 pages)
Table of Contents
Advertisement
name acl-name: Specifies an ACL by its name, a case-insensitive string of 1 to 63 characters.
reversible: Allows reverse address translation. Reverse address translation applies to connections
actively initiated by internal hosts to the external hosts. It uses the mapping to translate destination
addresses for packets of these connections if the packets are permitted by ACL reverse matching.
Usage guidelines
Specify a public network through a start address and an end address, and a private network through a
private address and a mask.
The public end address cannot be greater than the greatest IP address in the subnet determined by the
public start address and the private network mask. For example, if the private address is 2.2.2.0 with a
mask 255.255.255.0 and the public start address is 1.1.1.100, the public end address cannot be greater
than 1.1.1.255, the greatest IP address in the subnet 1.1.1.0/24.
When the source IP address of an incoming packet matches the public address range, the source IP
address is translated into a private address in the private address range. When the destination IP
address of a packet from the private network matches the private address range, the destination IP
address is translated into a public address in the public address range.
•
If you do not specify an ACL, the source addresses of all incoming packets and the destination
addresses of all outgoing packets are translated.
If you specify an ACL and do not specify the reversible keyword, the source addresses of incoming
•
packets permitted by the ACL are translated. The destination addresses of packets are not translated
for connections actively initiated by internal hosts to the external hosts.
If you specify both an ACL and the reversible keyword, the source addresses of incoming packets
•
permitted by the ACL are translated. If packets of connections actively initiated by internal hosts to
the external hosts are permitted by ACL reverse matching, the destination addresses are translated.
ACL reverse matching works as follows:
Compares the source IP address/port of a packet with the destination IP addresses/ports in the
•
ACL.
Translates the destination IP address of the packet according to the mapping, and then compares
•
the translated destination IP address/port with the source IP addresses/ports in the ACL.
Static NAT takes precedence over dynamic NAT when both are configured on an interface.
You can configure multiple inbound static NAT mappings by using the nat static inbound command and
the nat static inbound net-to-net command.
Examples
# Configure an inbound static NAT between public network address 202.100.1.0/24 and private
network address 192.168.1.0/24.
<Sysname> system-view
[Sysname] nat static inbound net-to-net 202.100.1.1 202.100.1.255 local 192.168.1.0 24
Related commands
display nat all
•
display nat static
•
nat static enable
•
231
Advertisement
Table of Contents
