Nat Features; Static Nat; Dynamic Nat - H3C MSR 2600 Configuration Manual

layer protocol, and VPN instance in an ACL rule for packet matching. Only packets matching an ACL
permit rule are processed by NAT.

NAT features

Static NAT

Static NAT uses a fixed translation of a real address to a NAT address. Because the NAT address is the
same for each consecutive connection, static NAT allows bidirectional access to and from the host. With
dynamic NAT, each host uses a different address or port for each subsequent translation, so bidirectional
initiation is not supported.

Dynamic NAT

Dynamic NAT translates a group of real addresses to a pool of NAT addresses that are routable on the
destination network. The NAT address pool includes fewer addresses than the real group. When a host
accesses the destination network, NAT assigns the host an IP address from the NAT address pool. The
translation is created when the real host initiates a connection, and the translation lasts for the duration
of the connection. A user might use different IP address for each translation.
Dynamic NAT supports the modes of Not Port Address Translation (NO-PAT) and Port Address Translation
(PAT).
NO-PAT
NO-PAT uses a NAT address to translate one real address and creates a NO-PAT entry for recording the
mapping. When the connection between the internal and external is closed, the NAT address is released
and can be assigned to other NAT users.
NO-PAT supports IP address translation for all IP protocols.
PAT
PAT maps a group of real addresses to a single NAT address by using different port numbers. PAT
supports translating the transport identifiers of TCP and UDP port numbers, and ICMP query identifiers.
PAT improves the use of IP address resources, enabling more internal hosts to access the external network
at the same time.
Figure 49 shows how PAT works.
113