Configuring One-To-One Nat For Inbound Traffic; Configuring One-To-One Nat With Port Translation - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual
Secure router
Hide thumbs
Also See for ProCurve Secure Router 7203 dl:
- Configuration manual (1114 pages) ,
- Reference manual (1455 pages) ,
- Product end-of-life disassembly instructions (2 pages)
Table of Contents
Advertisement
Configuring Network Address Translation
Configuring NAT
6-14
For example, to configure the Secure Router OS firewall to NAT all traffic
selected by the MatchAll ACL to the IP address 10.10.1.1, enter:
ProCurve(config-policy-class)# nat source list MatchAll address 10.10.1.1 overload
After you configure the ACP, you must assign it to an interface, or it will have
no affect on the traffic entering the router. This step is described in "Assigning
the ACP to an Interface" on page 6-15.
Configuring One-to-One NAT for Inbound Traffic
To configure one-to-one NAT for inbound traffic, you base NAT on the desti-
nation IP address. From the policy-class configuration mode context, enter:
Syntax: nat destination list <listname> address <A.B.C.D>
Replace <listname> with the name of the ACL that selects traffic for one-to-
one NAT, and replace <A.B.C.D> with the public destination IP address.
Because this is one-to-one NAT, you do not include the overload keyword.
For example, to configure the Secure Router OS firewall to NAT all traffic
selected by the Outside ACL to the IP address 192.168.1.10, enter:
ProCurve(config-policy-class)# nat destination list Outside address 192.168.1.10
Configuring One-to-One NAT with Port Translation
To configure one-to-one NAT with port translation, you base NAT on the
destination IP address. From the policy class configuration mode context,
enter:
Syntax: nat destination list <listname> address <A.B.C.D> port <1-65525>
For example, if you have two servers on your internal network that must share
a public IP address, you can configure ACLs to base one-to-one NAT on the
destination address and the destination port.
You first create an extended ACL to select traffic inbound to the public IP
address and a specific port. In this example, the ACL is called Webserver:
ProCurve(config)# ip access-list extended Webserver
You then create a permit entry to select traffic from any device that is destined
for the public IP address on port 80, the well-known port for HTTP traffic.
ProCurve(config-ext-nacl)# permit tcp any host 10.1.10.1 eq 80
ProCurve(config-ext-nacl)# exit
Advertisement
Chapters
Table of Contents
Troubleshooting
Need help?
Do you have a question about the ProCurve Secure Router 7203 dl and is the answer not in the manual?
Questions and answers