H3C S9500 Series Command Manual page 27

Command Manual – NAT
H3C S9500 Series Routing Switches
Caution:
Up to 1,024 static address translation commands are supported by the system.
Up to 4,096 static NAT mappings are supported by the system.
NAT configuration for a VLAN can only be made on the same NAT LPU.
Do not remove static NAT entries too often if they operate normally.
Address translation is performed on the NAT LPU. Because packets sent from the
private network will not be delivered to the NAT LPU by default, you need to
reference QACLs on the receiving interface to redirect those packets to the NAT
LPU. You do not need to make specific NAT configuration for response packets
from the public network because their destination public IP addresses are recorded
in NAT entries.
The public network address in a static NAT entry should be globally unique.
IP addresses cannot be used as VPN names. If you use IP addresses as VPN
names, the CLI treats them as IP addresses.
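The cautions above (globally unique public addresses, VPN names that must not be IP addresses, and QACL redirection of private-side traffic to the NAT LPU) can be checked offline before a change is applied. The following Python script is an added example, not part of the H3C manual; the command forms it parses are assumptions taken from this page's example, with the VPN name treated as optional and ACL wildcards in dotted form, and `lint`, `covered` and `is_ip` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample; the command forms are assumed from this page's example.
# The second mapping reuses a global address and is not matched by ACL 3001.
SAMPLE = """\
nat static global 202.110.10.10 inside VPN1 10.110.10.10 slot 3
nat static global 202.110.10.10 inside VPN1 10.110.10.11 slot 3
acl number 3001
rule permit ip source 10.110.10.10 0.0.0.0
traffic-redirect inbound ip-group 3001 slot 3 designated-vlan 192
"""
NAT = re.compile(r"nat static global (\S+) inside (?:(\S+) )?(\S+) slot (\d+)$")
ACL = re.compile(r"acl number (\d+)$")
RULE = re.compile(r"rule permit ip source (\S+) (\S+)$")
REDIRECT = re.compile(r"traffic-redirect inbound ip-group (\d+) slot (\d+)")

def is_ip(text):
    try:
        return bool(ipaddress.ip_address(text))
    except ValueError:
        return False

def covered(host, source, wildcard):  # wildcard bits set to 1 are ignored
    h, s, w = (int(ipaddress.IPv4Address(x)) for x in (host, source, wildcard))
    return (h | w) == (s | w)

def lint(config):
    nats, acls, redirects, rules = [], {}, set(), None
    for line in map(str.strip, config.splitlines()):
        if m := NAT.search(line):
            nats.append(m.groups())
        elif m := ACL.search(line):
            rules = acls.setdefault(m.group(1), [])
        elif (m := RULE.search(line)) and rules is not None:
            rules.append(m.groups())
        elif m := REDIRECT.search(line):
            redirects.add(m.groups())
    findings, seen = [], set()
    for glob, vpn, inside, slot in nats:
        if glob in seen:
            findings.append(f"global address {glob} is used by more than one entry")
        seen.add(glob)
        if vpn and is_ip(vpn):
            findings.append(f"VPN name {vpn} will be treated as an IP address")
        hits = [r for a, s in redirects if s == slot for r in acls.get(a, [])]
        if not any(covered(inside, *r) for r in hits):
            findings.append(f"{inside} is not redirected to the NAT LPU in slot {slot}")
    return findings
```

`lint(SAMPLE)` reports the reused global address and the inside host that no redirect ACL on slot 3 matches; a redirect that points at a different slot than the NAT entry is reported the same way.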
Examples
# Create a static mapping between the IP address 10.110.10.10 of a host in VPN 1 and
public network address 202.110.10.10. Suppose that VLAN-interface 2 is connected to
the ISP.
<H3C> system-view
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] nat static global 202.110.10.10 inside VPN1 10.110.10.10 slot 3
# Configure ACL 3001.
[H3C] acl number 3001
[H3C-acl-adv-3001] rule permit ip source 10.110.10.10 0.0.0.0
[H3C-acl-adv-3001] quit
# Reference ACL 3001 to redirect packets that are to be serviced by NAT to the NAT
board. Ethernet 4/1/1 is connected to the private network, and 192 is the corresponding
VLAN ID.
[H3C] interface Ethernet4/1/1
[H3C-Ethernet4/1/1] traffic-redirect inbound ip-group 3001 slot 3 designated-vlan 192
Chapter 1 NAT Configuration Commands
