Associating An Acl With An Address Pool - H3C SecPath F1800-A Operation Manual

Operation Manual - Security Defence
H3C SecPath F1800-A Firewall
Do as follows in system view.
Table 3-1 Defining a NAT address pool
Define a NAT address pool.
Remove a NAT address
pool.
Caution:
When an address pool is associated with an ACL to perform NAT, it cannot be
deleted.

3.3.2 Associating an ACL with an Address Pool

Translation association is to associate an address pool with an ACL, which specifies
only the specific IP packet can use the address in the associated address pool. When
a data packet in the intranet is to be sent to an extranet, the packet will be checked
first based on the ACL and then the relevant address pool is found based on the
translation association. Thus, the source address of the packet is translated into a
public address in the associated address pool.
Translation association is enabled if the parameter no-pat is not used. Therefore, the
internal IP address and port number of the packet can be translated into an external
address and port number of the router (firewall) in the associated address pool. In the
same way, the external address and port number of the response packet can be
translated into the internal IP address and port number based on the destination
address of the packet.
Do as follows in interzone view.
Table 3-2 Associating an ACL with an address pool
Associate an ACL with an address
pool.
Remove the association between the
ACL and the address pool.
Action
nat address-group group-number start-address
end-address [ vrrp virtual-router-ID ]
undo nat address-group group-number [ vrrp ]
Action
Command
nat outbound
address-group group-number [ no-pat ]
undo nat
[ address-group group-number [ no-pat ] ]
6-76
Chapter 3 NAT
Command
acl-number
outbound acl-number