H3c-technologies H3C SecPath F1000-E Manual de usuario descargar pdf (Pagina 66)

[SecPath-GigabitEthernet0/1] nat server protocol tcp global 5.5.5.10 ftp inside

192.168.1.2 ftp

SIP/H.323 ALG configuration example

The H.323 ALG configuration is similar to the SIP ALG configuration. This example describes the SIP ALG

configuration.

Network requirements

As shown in Figure 55, a company uses the private network segment 192.168.1.0/24, and has four

public network addresses: 5.5.5.1, 5.5.5.9, 5.5.5.10, and 5.5.5.11. SIP UA 1 is on the internal network

and SIP UA 2 is on the external network.

Configure NAT and ALG on the SecPath so that SIP UA 1 and SIP UA 2 can communicate by using their

aliases, and SIP UA 1 selects an IP address from the range 5.5.5.9 to 5.5.5.11 when registering with the

SIP server on the external network.

Figure 55 Network diagram

Configuration procedure

# Configure the address pool and ACL.

<SecPath> system-view

[SecPath] nat address-group 1 5.5.5.9 5.5.5.11

[SecPath] acl number 2001

[SecPath-acl-basic-2001] rule permit source 192.168.1.0 0.0.0.255

[SecPath-acl-basic-2001] rule deny

[SecPath-acl-basic-2001] quit

# Enable ALG for SIP.

[SecPath] alg sip

# Configure NAT.

[SecPath] interface GigabitEthernet 0/2

[SecPath-GigabitEthernet0/2] nat outbound 2001 address-group 1

NBT ALG configuration example

Network requirements

As shown in Figure 56, a company using the private network segment 192.168.1.0/24 wants to provide

NBT services to the outside.

1 2 ... 61 62 63 64 65 66 67 68

Sin comentarios

H3c-technologies H3C SecPath F1000-E Manual de usuario Pagina 66