145
Step Command Remarks
global-vpn-instance-name ]
local
local-network { mask-length |
mask } [
vpn-instance
local-vpn-instance-name
] [
acl
{ ipv4-acl-number |
name
ipv4-acl-name } [
reversible
] ]
[
disable
]
permitted by the ACL.
3. Return to system view.
quit
N/A
4. Enter interface view.
interface
interface-type
interface-number
N/A
5. Enable static NAT on the
interface.
nat static enable
By default, static NAT is disabled.
Configuring object group-based inbound static NAT
Configure object group-based inbound static NAT to translate public IP addresses into private IP
addresses.
• When the source address of a packet from the public network matches the public address
object group, the source address is translated into a private address in the private address
object group.
• When the destination address of a packet from the private network matches the private address
object group, the destination address is translated into a public address in the public address
object group.
To configure object group-based inbound static NAT:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Configure an object
group-based inbound static
NAT mapping.
nat static inbound object-group
global-object-group-name
[
vpn-instance
global-vpn-instance-name
]
object-group
local-object-group-name
[
vpn-instance
local-vpn-instance-name
] [
acl
{ ipv4-acl-number |
name
ipv4-acl-name } [
reversible
] ]
[
disable
]
By default, no mappings exist.
If you specify the
acl
keyword,
NAT processes only packets
permitted by the ACL.
3. Return to system view.
quit
N/A
4. Enter interface view.
interface
interface-type
interface-number
N/A
5. Enable static NAT on the
interface.
nat static enable
By default, static NAT is disabled.
Configuring dynamic NAT
Dynamic NAT translates a group of private IP addresses into a smaller number of public addresses.
You can specify an address group (or the IP address of an interface) and an ACL to implement
dynamic NAT.
To Next Page
Loading...
