Network Address Translation

NOTE: You must configure inside NAT on one interface and outside NAT on another interface. The device performs NAT for traffic between the interfaces.

In addition to the tasks listed above, you can modify the age timers for the address translation entries the device creates. See “Changing Translation Table Timeouts” on page 11-7for information. For information about viewing the active NAT translations, see “Displaying the Active NAT Translations” on page 11-8.

The following sections provide procedures for configuring NAT.

Configuring Static Address Translations

Use the following CLI method to configure static NAT.

NOTE: NAT supports translation of private (inside) addresses into global (outside) addresses only. Translation of global addresses into private addresses is not supported.

USING THE CLI

To configure static NAT for an IP address, enter commands such as the following:

HP9300(config)# ip nat inside source static 10.10.10.69 209.157.1.69

The commands in this example statically map the private address 10.10.10.69 to the Internet address 209.157.1.69.

Syntax: [no] ip nat inside source static <private-ip> <global-ip>

This command associates a specific private address with a specific Internet address. Use this command when you want to ensure that the specified addresses are always mapped together.

The inside source parameter specifies that the mapping applies to the private address sending traffic to the Internet.

The <private-ip> parameter specifies the private IP address.

The <global-ip> parameter specifies the Internet address. The device supports up to 256 global IP addresses.

Neither of the IP address parameters needs a network mask.

Configuring Dynamic NAT Parameters

To configure dynamic NAT:

Configure a standard or extended ACL for each private address range.

Configure a pool for each consecutive range of Internet addresses.

Associate private addresses (ACLs) with pools.

Optionally, enable the Port Address Translation feature.

Use the following CLI method to configure dynamic NAT.

USING THE CLI

You can configure dynamic NAT with the Port Address Translation feature disabled or enabled.

Example with Port Address Translation Disabled

To configure dynamic NAT with the Port Address Translation feature disabled, enter commands such as the following at the global CONFIG level of the CLI:

HP9300(config)# access-list 1 permit 10.10.10.0/24

HP9300(config)# ip nat pool OutAdds 209.157.1.2 209.157.1.254 prefix-length 24 HP9300(config)# ip nat inside source list 1 pool OutAdds

11 - 5