H3c-technologies H3C SecPath F1000-E Manual de usuario descargar pdf (Pagina 32)

Configuring NAPT

With a specific ACL associated with an address pool or interface address, NAPT translates the source

address of a packet permitted by the ACL into an IP address of the address pool or the interface address,

with using the port information.

To configure NAPT:

Ste

Command

1. Enter system view.

system-view

2. Enter interface view.

interface interface-type interface-number

3. Configure NAPT by associating an ACL with an IP

address pool on the outbound interface for

translating both IP address and port number.

nat outbound [ acl-number ] [ address-group

group-number [ vpn-instance vpn-instance-name ]

[ port-preserved ] ] [ track vrrp virtual-router-id ]

Configuring an internal server

Introduction to internal server

To configure an internal server, you need to map an external IP address and port number to the internal

server. This is done through executing the nat server command on an interface.

Internal server configurations include external network information (external IP address global-address),

internal network information (internal IP address local-address), and internal server protocol type.

Both internal servers and their external IP addresses can support L3VPN. If an internal server belongs to

an L3VPN, you also need to specify the vpn-instance-name argument. Without this argument specified,

the internal server does not belong to any VPN.

Configuring a common internal server

After mapping the internal IP address of a common internal server to an external IP address, hosts in

external networks can access the server located in the internal network.

To configure a common internal server:

Ste

Command

1. Enter system view.

system-view

2. Enter interface view.

interface interface-type interface-number

3. Configure a common internal server.

nat server [ acl-number ] [ index ] protocol pro-type global

{ global-address | interface interface-type interface-number |

current-interface } global-port1 global-port2 [ vpn-instance

global-name ] inside local-address1 local-address2 local-port

[ vpn-instance local-name ] [ track vrrp virtual-router-id ]

CAUTION:

• The firewall supports using the interface address as the external address of an internal server, which is

the Easy IP feature. If you want to specify an interface, the interface must be a loopback interface and

must already exist.

• If you confi

ure an internal server usin

Easy IP but do not confi

ure an IP address for the interface, the

internal server configuration does not take effect.

1 2 ... 27 28 29 30 31 32 33 34 35 36 37 ... 67 68

Comentarios a estos manuales

Sin comentarios

H3c-technologies H3C SecPath F1000-E Manual de usuario Pagina 32

Comentarios a estos manuales

Relacionado con productos y manuales para La Seguridad H3c-technologies H3C SecPath F1000-E