133
Step Command Remarks
name acl-name ] address-group
group-number [ vpn-instance
vpn-instance-name ] no-pat
[ reversible ]
• Configure PAT:
nat outbound [ acl-number |
name acl-name ]
[ address-group group-number ]
[ vpn-instance
vpn-instance-name ]
[ port-preserved ]
You can configure multiple
outbound dynamic NAT rules on an
interface.
7. Return to system
view.
quit
N/A
8. (Optional.) Configure
a PAT mapping mode.
nat mapping-behavior
endpoint-independent
[
acl
{ acl-number |
name
acl-name } ]
The default mapping mode is
Address and Port-Dependent
Mapping
.
This command takes effect only on
outbound dynamic NAT for PAT.
Configuring inbound dynamic NAT
Inbound dynamic NAT enables translation from public IP addresses to private IP addresses. Do not
configure it alone. Typically, inbound dynamic NAT functions with outbound dynamic NAT, NAT
Server, or outbound static NAT to implement bidirectional NAT.
The source IP address of a received packet that is permitted by the ACL is translated into a public
address in the address group.
The add-route keyword enables the device to automatically add a route destined for the private
address when an inbound dynamic NAT rule is matched. The output interface is the NAT interface,
and the next hop is the source address before translation. If you do not specify this keyword, you
must manually add the route. As a best practice, create a route manually because it takes time to
automatically add routes.
The reversible keyword enables the device to perform the following operations:
• Compare the destination IP address in the first packet from the private network with existing
NO-PAT entries.
• Translate the destination address into the public address in a matching NO-PAT entry.
Inbound dynamic NAT does not support Easy IP.
To configure inbound dynamic NAT:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Configure an address
group and enter its
view.
nat address-group
group-number By default, no address group exists.
3. Add an address range
to the address group.
address
start-address end-address
By default, no address range exists.
You can add multiple address
ranges to an address group. The
address ranges must not overlap.
4. Return to system view.
quit
N/A
5. Enter interface view.
interface
interface-type
N/A
To Next Page
Loading...
Need help?
General
