142
Configuring static NAT
Static NAT includes one-to-one static NAT and net-to-net static NAT for outbound and inbound
translation. Do not configure inbound static NAT alone. Typically, inbound static NAT functions with
outbound dynamic NAT, NAT Server, or outbound static NAT to implement bidirectional NAT.
Configuration prerequisites
Perform the following tasks before configuring static NAT:
• Configure an ACL to identify the IP addresses to be translated. The match criteria include the
source IP address, source port number, destination IP address, destination port number,
transport layer protocol, and VPN instance. For more information about ACLs, see ACL and
QoS Configuration Guide.
• Manually add a route for inbound static NAT. Use local-ip or local-network as the destination
address, and use global-ip, an address in global-network, or the next hop directly connected to
the output interface as the next hop.
Configuring outbound one-to-one static NAT
For address translation from a private IP address to a public IP address, configure outbound
one-to-one static NAT on the interface connected to the external network.
• When the source IP address of a packet from the private network matches the local-ip, the
source IP address is translated into the global-ip.
• When the destination IP address of a packet from the public network matches the global-ip, the
destination IP address is translated into the local-ip.
To configure outbound one-to-one static NAT:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Configure a one-to-one
mapping for outbound static
NAT.
nat static outbound
local-ip
[
vpn-instance
local-vpn-instance-name ]
global-ip [
vpn-instance
global-vpn-instance-name ] [
acl
{ ipv4-acl-number |
name
ipv4-acl-name } [
reversible
] ]
[
disable
]
By default, no mappings exist.
If you specify the
acl
keyword,
NAT processes only packets
matching the permit rule in the
ACL.
3. Return to system view.
quit
N/A
4. Enter interface view.
interface
interface-type
interface-number
N/A
5. Enable static NAT on the
interface.
nat static enable
By default, static NAT is disabled.
Configuring outbound net-to-net static NAT
For address translation from a private network to a public network, configure outbound net-to-net
static NAT on the interface connected to the external network.
• When the source IP address of a packet from the private network matches the private address
range, the source IP address is translated into a public address in the public address range.
To Next Page
Loading...
Need help?
General
