3Com MSR 50 Network Router User Manual


2034 CHAPTER 133: NAT CONFIGURATION COMMANDS
group-number: Number of a predefined address pool. The value range varies by
device models.
no-pat: Translates IP addresses only, without dealing with the port information.
Description Use the nat outbound command to enable NAT and associate an ACL with an
address pool. Packets that match the ACL rules will have their internal IP address
replaced by an address from the address pool.
Use the undo nat outbound command to remove the association.
Note that:
You can configure different associations on one interface. Normally, the
associations are configured on the egress interface of an internal network that
connects to the external network(s).
In the case of Easy IP, if you have modified the interface address, you must reset
the original NAT translation table using the reset nat session command
before accessing external networks. Otherwise, it is possible that the original
NAT table entries cannot be automatically deleted or deleted with the reset
nat command.
Once the undo nat outbound command is executed, the NAT translation
table entries generated by the nat outbound command will not be deleted.
They will be aged out automatically after 5 to 10 minutes. During this period,
users who use these table entries cannot access external networks whereas
other users are not affected. You can also use the reset nat session command
to clear all the NAT address translation table entries. However, use of this
command will result in termination of address translation and all users will have
to reestablish connections. Users can make a proper choice as required.
When an ACL rule is not operative, no new NAT session entry depending on
the rule can be created. However, an existing connection is still available for
communication.
Note: The following restrictions exist for some devices:
The ACL rules referenced by the same interface cannot conflict. That is, the
source IP address, destination IP address and VPN instance information in any
two ACL rules cannot be the same. For basic ACLs (2000 to 2999), if the
source IP address and VPN instance information in any two ACL rules are the
same, a conflict occurs.
Easy IP cannot be configured on an interface that is configured with DHCP Client.
An address pool must be configured on just one VLAN interface.
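An offline audit of the ACL restriction above, as an added example that is not from the 3Com manual: it parses basic ACL rules, reports whether a source address would be selected for translation by a nat outbound association, and flags rules that share a source and VPN instance. It assumes first-match evaluation in the listed order, that a rule without vpn-instance matches only non-VPN packets, and that "the same" means identical source, wildcard and VPN instance; ACL 2002 and vpn1 are constructed.

```python
import ipaddress
import re

# Constructed sample: basic ACLs referenced by "nat outbound" on one interface.
# ACL 2001 copies this page's example; ACL 2002 and "vpn1" are hypothetical.
SAMPLE_ACLS = {
    2001: ["rule permit source 10.110.10.0 0.0.0.255", "rule deny"],
    2002: ["rule permit source 10.110.20.0 0.0.0.255",
           "rule permit source 10.110.10.0 0.0.0.255 vpn-instance vpn1",
           "rule permit source 10.110.10.0 0.0.0.255"],
}
RULE_RE = re.compile(r"rule\s+(?:\d+\s+)?(permit|deny)"
                     r"(?:\s+source\s+(any|\S+\s+\S+))?"
                     r"(?:\s+vpn-instance\s+(\S+))?\s*$")

def parse_rule(line):
    """Return (action, base, wildcard, vpn); addresses are 32-bit integers."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule: {line!r}")
    action, src, vpn = m.groups()
    if src is None or src == "any":
        base, wild = 0, 0xFFFFFFFF  # no source clause: every address matches
    else:
        base, wild = (int(ipaddress.IPv4Address(p)) for p in src.split())
    return action, base & ~wild, wild, vpn  # wildcard bits set to 1 are ignored

def is_translated(rules, src_ip, vpn=None):
    """Assumed first-match evaluation in listed order; no match means no NAT."""
    ip = int(ipaddress.IPv4Address(src_ip))
    for action, base, wild, rule_vpn in map(parse_rule, rules):
        if rule_vpn == vpn and (ip & ~wild) == base:
            return action == "permit"
    return False

def find_conflicts(acls):
    """Pairs of rules whose source, wildcard and VPN instance are identical."""
    seen, conflicts = {}, []
    for number, rules in acls.items():
        for line in rules:
            key = parse_rule(line)[1:]
            if key in seen:
                conflicts.append((seen[key], (number, line)))
            seen.setdefault(key, (number, line))
    return conflicts

if __name__ == "__main__":
    print(is_translated(SAMPLE_ACLS[2001], "10.110.10.57"))
    for first, second in find_conflicts(SAMPLE_ACLS):
        print("conflict:", first, "<->", second)
```

The rule carrying vpn-instance vpn1 is not reported, because its VPN instance differs from the otherwise identical rule in ACL 2001.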
Example # Enable NAT for hosts in the 10.110.10.0/24 segment, using addresses 1.10.10.1
to 1.10.10.20 as the external IP addresses. Assume that interface Serial 1/0 is
connected to the external network.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 10.110.10.0 0.0.0.255
[Sysname-acl-basic-2001] rule deny
[Sysname-acl-basic-2001] quit