Using The Cli To Configure One-To-One Nat - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual
Secure router
Hide thumbs
Also See for ProCurve Secure Router 7203 dl:
- Configuration manual (1114 pages) ,
- Reference manual (1455 pages) ,
- Product end-of-life disassembly instructions (2 pages)
Table of Contents
Advertisement
Configuring Network Address Translation
Quick Start
6-26
8.
To apply the ACP to an interface, move to the configuration mode context
for that interface.
Syntax: interface <interface> <number>
Valid interfaces include PPP interfaces, Frame Relay subinterfaces, ATM
subinterfaces, HDLC, Ethernet interfaces, and demand interfaces. (If you
have enabled support for virtual LANs [VLANs], you must apply the ACP
to an Ethernet subinterface.)
9.
Apply the ACP to the interface by entering the following command from
the appropriate interface configuration mode context:
Syntax: access-policy <policyname>
For example, if you want to apply the NATInside ACP to the Ethernet 0/1
interface, enter:
ProCurve(config-eth 0/1)# access-policy NATInside
Using the CLI to Configure One-to-One NAT
Unlike many-to-one NAT, one-to-one NAT is based on the destination IP
address of inbound traffic. One-to-one NAT is used when a host, such as an
FTP server or a Web server, is located on the internal, trusted network but
must be accessed by clients on the Internet.
To access this server, Internet users enter a URL, which is resolved (through
DNS) to a public IP address. However, this IP address is not the IP address
that the server is using on the internal network. The Secure Router OS firewall
uses NAT to translate the public IP address to the server's internal IP address.
To implement one-to-one NAT on the ProCurve Secure Router, you must
configure an access control policy (ACP) and apply it to the appropriate
interface:
1.
From the global configuration mode context, enable the firewall on the
ProCurve Secure Router.
ProCurve(config)# ip firewall
2.
From the global configuration mode context, create an extended access
control list (ACL).
Syntax: ip access-list extended <listname>
Replace <listname> with the name you want to assign the ACL.
For example, to create an ACL called Webserver, enter:
ProCurve(config)# ip access-list extended Webserver
Advertisement
Chapters
Table of Contents
Troubleshooting
