Network Address Translation

Enabling NAT

The NAT configuration does not take effect until you enable it on specific interfaces. You can enable NAT on Ethernet ports and on virtual interfaces. You also can enable the feature on the primary port of a trunk group, in which case the feature applies to all the ports in the trunk group.

NOTE: You must configure inside NAT on one interface and outside NAT on another interface. The device performs NAT for traffic between the interfaces.

To enable NAT, use the following CLI methods.

Enabling Inside NAT

To enable inside NAT on the interface attached to the private addresses, use the following CLI method.

USING THE CLI

To enable inside NAT on an interface, enter commands such as the following:

HP9300(config)# interface ethernet 1/1

HP9300(config-if-1/1)# ip nat inside

This command enables inside NAT on Ethernet port 1/1.

Syntax: [no] ip nat inside

To enable inside NAT on a virtual interface, enter commands such as the following:

HP9300(config)# interface ve 1

HP9300(config-vif-1)# ip nat inside

This command enables inside NAT on virtual interface 1.

Enabling Outside NAT

To enable outside NAT on the interface attached to public addresses, use the following CLI method.

USING THE CLI

To enable outside NAT on an interface, enter commands such as the following:

HP9300(config)# interface ethernet 1/2

HP9300(config-if-1/2)# ip nat outside

This command enables outside NAT on Ethernet port 1/2.

Syntax: [no] ip nat outside

To enable outside NAT on a virtual interface, enter commands such as the following:

HP9300(config)# interface ve 2

HP9300(config-vif-2)# ip nat outside

This command enables outside NAT on virtual interface 2.
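
As an added example (not part of the original manual), the following Python check reads a saved configuration and verifies the rule in the NOTE above: inside NAT on one interface and outside NAT on another. The sample configuration is constructed, the function names are hypothetical, and treating an interface that carries both roles as a finding is an assumption.

```python
import re

# Constructed sample configuration, not from the manual. Only the "interface ..."
# and "[no] ip nat inside|outside" lines use syntax shown on the page.
SAMPLE_CONFIG = """\
interface ethernet 1/1
 ip nat inside
interface ethernet 1/2
 ip nat outside
interface ve 1
 ip nat inside
interface ethernet 1/3
"""

IFACE_RE = re.compile(r"^interface\s+(\S.*)$", re.I)
NAT_RE = re.compile(r"^(no\s+)?ip\s+nat\s+(inside|outside)$", re.I)

def nat_roles(config_text):
    """Map each interface name to the set of NAT roles enabled on it."""
    roles, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = IFACE_RE.match(line)
        if m:
            # Normalise case and spacing so "Ethernet  1/1" equals "ethernet 1/1".
            current = " ".join(m.group(1).lower().split())
            roles.setdefault(current, set())
            continue
        m = NAT_RE.match(line)
        if m and current is not None:
            if m.group(1):  # "no ip nat ..." removes the role again
                roles[current].discard(m.group(2).lower())
            else:
                roles[current].add(m.group(2).lower())
    return roles

def audit(config_text):
    """Return a list of findings; an empty list means the pairing rule is met."""
    roles = nat_roles(config_text)
    inside = sorted(i for i, r in roles.items() if "inside" in r)
    outside = sorted(i for i, r in roles.items() if "outside" in r)
    findings = []
    if inside and not outside:
        findings.append("inside NAT on %s but no outside interface" % ", ".join(inside))
    if outside and not inside:
        findings.append("outside NAT on %s but no inside interface" % ", ".join(outside))
    for iface in sorted(set(inside) & set(outside)):  # assumption: flag for review
        findings.append("%s is marked both inside and outside" % iface)
    return findings
```

An empty result from `audit()` means at least one inside and one outside interface exist and no interface carries both roles.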

Changing Translation Table Timeouts

The NAT translation table contains all the currently active NAT translation entries on the device. An active entry is one that the device created for a private address when the client at that address sent traffic to the Internet. NAT performs the following steps to provide an address translation for a source IP address:

The feature looks in the NAT translation table for an active NAT entry for the translation. If the table contains an active entry for the session, the device uses that entry.

If NAT does not find an active entry in the NAT translation table, NAT creates an entry and places the entry in the table. The entry remains in the table until the entry times out.

Each NAT entry remains in the NAT translation table until the entry ages out. The age timers apply globally to all interfaces on which NAT is enabled.
