Nat Static - H3C S9500 Series Command Manual

Command Manual – NAT
H3C S9500 Series Routing Switches
[H3C-Vlan-interface2] nat server protocol tcp global 202.110.10.12 any inside
VPN1 10.110.10.12 any slot 3
[H3C-Vlan-interface2] nat server protocol udp global 202.110.10.12 any inside
VPN1 10.110.10.12 any slot 3
# Configure ACLs for packet redirection. You are recommended to configure two ACLs:
ACL 4000 and ACL 3001. ACL 4000 allows packets with VLAN ID 192 and DMAC being
the MAC address of VLAN-interface 192 to pass (only Layer 3 packets need to be
redirected to the NAT LPU for translation, while protocol and Layer 2 packets do not
need to be redirected). ACL 3001 is used to redirect packets that need to be translated
to the NAT LPU. The ID of the VLAN on the private network side is 192.
[H3C] acl number 4000
[H3C-acl-link-4000] rule permit ingress 192 egress 000f-e23f-3294 0-0-0
[H3C-acl-link-4000] quit
[H3C] acl number 3001
[H3C-acl-adv-3001] rule permit ip source 10.110.10.0 0.0.0.255
[H3C-acl-adv-3001] quit
# Customize a flow template, and then apply the flow template to Ethernet 4/1/1. The
interface card is located in slot 4.
[H3C] flow-template user-defined slot 4 sip 0.0.0.0 dip 0.0.0.0 dmac 0-0-0
vlanid
[H3C] interface Ethernet4/1/1
[H3C-Ethernet4/1/1] flow-template user-defined
# Reference the ACLs to redirect the packets that needs to be translated to the NAT
LPU. Ethernet 4/1/1 is the inbound interface on the private network side, and the VLAN
ID is 192.
[H3C] interface Ethernet4/1/1
[H3C-Ethernet4/1/1] traffic-redirect inbound ip-group 3001 link-group 4000
rule 0 slot 3 designated-vlan 192
Caution:
You need to bind VPN 1 to VLAN 192 on the private network side before referencing
the ACLs for packet redirection.

1.1.21 nat static

Syntax
nat static global global-addr inside [ vpn-name ] host-addr slot slot-no
Chapter 1 NAT Configuration Commands
1-24