Configuring Nat With Alg; Configuring Nat Logging; Configuring Nat Session Logging - HPE FlexNetwork MSR Series Comware 7 Layer 3 - Ip Services Configuration Manuals

•
In C/S mode, the destination IP address of the packet going to the internal server is translated
by matching the NAT Server configuration. The source IP address is translated by matching the
outbound dynamic or static NAT entries.
NAT hairpin typically operates with NAT Server, outbound dynamic NAT, or outbound static NAT.
They must be configured on interfaces of the same interface card. Otherwise, NAT hairpin cannot
function correctly.
To configure NAT hairpin:
Step
1. Enter system view.
2. Enter interface view.
3. Enable NAT hairpin.

Configuring NAT with ALG

CAUTION:
In an IRF fabric, NAT configured on physical interfaces does not support ALG.
Configure NAT with ALG for a protocol to translate the IP addresses and port numbers in the
payloads for application layer packets.
To configure NAT with ALG:
Step
1. Enter system view.
2. Configure NAT with ALG for
a protocol or all protocols.

Configuring NAT logging

Configuring NAT session logging

NAT session logging records NAT session information, including translation information and access
information.
A NAT device generates NAT session logs for the following events:
•
NAT session establishment.
•
NAT session removal. This event occurs when you add a configuration with a higher priority,
remove a configuration, change ACLs, when a NAT session ages out, or when you manually
delete a NAT session.
•
Active NAT session logging.
To enable NAT session logging:
Command
system-view
interface interface-type
interface-number
nat hairpin enable
Command
system-view
nat alg { all | dns | ftp | h323 |
icmp-error | ils | mgcp | nbt |
pptp | rsh | rtsp | sccp | sip |
sqlnet | tftp | xdmcp }
154
Remarks
N/A
N/A
By default, NAT hairpin is disabled.
Remarks
N/A
By default, NAT with ALG is enabled
for DNS, FTP, ICMP error messages,
RTSP, and PPTP, and is disabled for
the other supported protocols.