HP 7102dl - ProCurve Secure Router Configuration Manual page 309

If you enter 192.168.115.0 with the wildcard bits 0.0.0.31, the Secure Router
OS firewall will not match the last five address bits in the fourth octet. The
firewall will match all hosts with addresses between 192.168.115.1 and
192.168.115.31 to the deny entry. If you enter permit 192.168.115.0
0.0.0.255, the Secure Router OS firewall will not match any address bits in
the last octet. This entry selects all hosts in the 192.168.115.0 /24 network.
Configuring an Extended ACL for One-to-One NAT. When you config-
ure one-to-one NAT, you must create an extended ACL to define the public
destination address that the ProCurve Secure Router will NAT to a private IP
on the internal network. For example, to create an extended ACL called
Outside, enter:
ProCurve(config)# ip access-list extended Outside
You can then use the following command to create the permit and deny entries
that select the traffic for NAT:
Syntax: [permit | deny] <protocol> <source address> <source port> <destination
address> <destination port>
Replace <protocol> with one of the following:
icmp
ip
tcp
udp
ahp
esp
gre
You can also specify a port number between 0 and 255.
To specify a source address or destination address, you use the following
syntax:
Syntax: [any | host <A.B.C.D> | hostname <hostname> | <A.B.C.D> <wildcard bits>]
Table 6-3 shows the options for specifying source and destination addresses.
Configuring Network Address Translation
Configuring NAT
6-11