Configuring Network Address Translation
Quick Start
6-26
3.
Create entries in the ACL to select the traffic that you want to NAT.
Syntax: [permit | deny] [any | host <A.B.C.D> | hostname <hostname> | <A.B.C.D>
<wildcard bits>]
For example, to NAT all traffic, enter:
ProCurve(config-std-nacl)# permit any
To NAT traffic from subnet 192.168.115.0 /24, use wildcard bits to specify
a range of IP addresses.
ProCurve(config-std-nacl)# permit 192.168.115.0 0.0.0.255
4.
Exit the ACL to return to the global configuration mode context.
ProCurve(config-std-nacl)# exit
5.
Create an ACP.
Syntax: ip policy-class <policyname>
Replace <policyname> with a name that is a maximum of 255 alphanu-
meric characters. For example, to create a policy called NATInside, enter:
ProCurve(config)# ip policy-class NATInside
6.
Create a NAT entry based on the source IP address.
Syntax: nat source list <listname> [address <A.B.C.D> | interface <interface>]
overload
Replace <listname> with the ACL you created.
You have two options for specifying the public IP address. You can use
the address <A.B.C.D> option to specify a particular IP address, or you
can use the interface <interface> option to specify a particular inter-
face. If you use the interface option, the Secure Router OS will NAT the
traffic selected by the ACL to the IP address assigned to that interface.
Replace <A.B.C.D> with your company's public IP address.
Use the overload keyword to replace multiple source IP addresses with
one IP address.
For example, to NAT the traffic that you specified in the NAT ACL to the
IP address 10.1.1.1, enter:
ProCurve(config-policy-class)# nat source list NAT address 10.1.1.1 overload
7.
Return to the global configuration mode context.
ProCurve(config-policy-class)# exit