HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual page 311

3. Define the traffic that you want to NAT. For example, if you want to NAT
all traffic with the destination address of the Web server, enter:
Syntax: [permit | deny] <protocol> [any | host <A.B.C.D> | hostname <hostname>
| <A.B.C.D> <wildcard bits>] <source port> [any | host <A.B.C.D> | <A.B.C.D>
<wildcard bits>] <destination port>
For example, to NAT all traffic sent to the IP address 10.1.1.1, enter:
ProCurve(config-ext-nacl)# permit ip any host 10.1.1.1
4. If your company has more than one server that clients on the Internet need
to access, you should configure an extended ACL for each server. Use the
<destination port> options to select traffic for a particular server. For
example, to select traffic to a Web server, create the extended ACL and
enter this permit entry:
ProCurve(config-ext-nacl)# permit tcp any host 10.1.1.1 eq 80
5. Exit the ACL to return to the global configuration mode context.
ProCurve(config-ext-nacl)# exit
6. Create an ACP.
Syntax: ip policy-class <policyname>
Replace <policyname> with a name that is a maximum of 255 alphanu-
meric characters. For example, to create a policy called NATWeb, enter:
ProCurve(config)# ip policy-class NATWeb
7. Create a NAT entry based on the destination IP address.
Syntax: nat destination list <listname> address <A.B.C.D> [port <1-65525>]
Replace <listname> with the ACL you created and replace <A.B.C.D>
with the private IP address of the device. For example, to NAT the traffic
that you specified in the Webserver ACL to the private IP address
192.168.115.1, enter:
ProCurve(config-policy-class)# nat destination list Webserver address
192.168.115.1
You can use the port option to ensure that the Secure Router OS firewall
forwards the traffic to the port used by your server.
8. Return to the global configuration mode context.
ProCurve(config-policy-class)# exit
Configuring Network Address Translation
Quick Start
6-27