Operation Manual - Security Defence
H3C SecPath F1800-A Firewall
II. Basic Configuration
The configuration procedure of many-to-many NAT on the SecPath F1800-A is as
follows:
1) Defining a need-based NAT address pool in system view
nat address-group group-number start-addr end-addr [ vrrp virtual-router-ID ]
group-number: refers to the address pool ID.
start-addr and end-addr: refer to the start address and end address of the pool,
respectively.
virtual-router-ID: specifies the number of a VRRP backup group.
2) Defining an ACL in system view and ACL view
Define an ACL in system view.
acl [ number ] acl-number
Define an ACL rule in ACL view.
rule [ rule-id ] { permit | deny } [ source sour-addr sour-wildcard | any ] [ time-range
time-name ]
Or
rule [ rule-id ] { permit | deny } protocol [ source sour-addr sour-wildcard | any ]
[ destination dest-addr dest-mask | any ] [ source-port operator port1 [ port2 ] ]
[ destination-port operator port1 [ port2 ] ] [ icmp-type icmp-type icmp-code ]
[ precedence precedence ] [ tos tos ] [ time-range time-name ]
For the above parameters, refer to "Chapter 2 ACL".
3) Associating the ACL and the NAT address pool in interzone view
nat outbound acl-number address-group group-number [ no-pat ]
Based on the association between the ACL numbered acl-number and the NAT
address pool numbered group-number, the NAT server will check data packets
transmitted in the interzone (such as the trust zone and the untrust zone), and
translate and forward the packets that match the ACL rule.
Note:
no-pat is an optional parameter. For its function, refer to "4.2.3 NAPT".
Chapter 3 NAT
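The following Python sketch is an added example, not part of the H3C manual: it cross-checks the three command types from steps 1) to 3) before they are applied, flagging a nat outbound line whose ACL or address pool is undefined, a pool whose range is reversed, and a no-pat binding whose ACL permits more sources than the pool holds. The sample configuration and all its numbers are constructed, and the no-pat check assumes that without port translation each concurrent inside source occupies one pool address.

```python
import ipaddress

# Constructed sample: command forms from steps 1) to 3), made-up values.
SAMPLE = """\
nat address-group 1 203.0.113.1 203.0.113.4
acl number 2000
rule 0 permit source 192.168.1.0 0.0.0.255
nat outbound 2000 address-group 1 no-pat
nat outbound 2001 address-group 2
"""

def ip(text):
    return int(ipaddress.IPv4Address(text))

def audit(config):
    """Cross-check pool, ACL and binding lines; return a list of findings."""
    pools, acls, binds, findings, cur = {}, {}, [], [], None
    for t in (line.split() for line in config.splitlines() if line.strip()):
        if t[:2] == ["nat", "address-group"]:
            pools[t[2]] = (ip(t[3]), ip(t[4]))
        elif t[0] == "acl":
            cur = t[-1]
            acls.setdefault(cur, 0)
        elif t[0] == "rule" and "permit" in t and "source" in t and cur:
            src = t[t.index("source") + 1:]
            # "any" matches every source; otherwise each 1 bit in the
            # wildcard is a don't-care bit and doubles the matched sources.
            # Rules are summed, so overlapping rules give an upper bound.
            acls[cur] += 2**32 if src[0] == "any" else 2 ** bin(ip(src[1])).count("1")
        elif t[:2] == ["nat", "outbound"]:
            binds.append((t[2], t[4], "no-pat" in t))
    for gid, (start, end) in pools.items():
        if start > end:
            findings.append(f"pool {gid}: start-addr is above end-addr")
    for acl, gid, no_pat in binds:
        if acl not in acls:
            findings.append(f"nat outbound: acl {acl} is not defined")
        if gid not in pools:
            findings.append(f"nat outbound: address-group {gid} is not defined")
        elif acl in acls and no_pat:
            size = max(pools[gid][1] - pools[gid][0] + 1, 0)
            # Assumption: without port translation, each concurrent inside
            # source holds one pool address, so the pool caps concurrency.
            if acls[acl] > size:
                findings.append(f"acl {acl} permits up to {acls[acl]} sources "
                                f"but no-pat pool {gid} holds {size} addresses")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```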