Configuring Internal NAT Server

Procedure

1. Run system-view

   The system view is displayed.

2. Run interface interface-type interface-number [ .subnumber ]

   The interface view or sub-interface view is displayed.

3. Run either of the following commands to configure an internal NAT server:
   • nat server protocol { tcp | udp } global { global-address | current-interface | interface interface-type interface-number [ .subnumber ] } global-port [ global-port2 ] [ vrrp vrrpid ] inside host-address [ host-address2 ] [ host-port ] [ vpn-instance vpn-instance-name ] [ acl acl-number ] [ description description ]
   • nat server [ protocol { protocol-number | icmp | tcp | udp } ] global { global-address | current-interface | interface interface-type interface-number [ .subnumber ] } [ vrrp vrrpid ] inside host-address [ vpn-instance vpn-instance-name ] [ acl acl-number ] [ description description ]
   • When configuring an internal NAT server, ensure that global-address and host-address are different from IP addresses of ports and IP addresses in the user address pool.
   • You can use the IP address of current-interface or loopback as the internal server's IP address.
   • The undo nat server command does not delete mapping entries immediately. You can run the reset nat session command to delete mapping entries.
   • Compared with static NAT, NAT Server translates only the IP address, but not the port number, when the private network initiatively accesses the public network.
   • When you configure one-to-one NAT Server that borrows an interface IP address (no interface number is specified and the IP address is mapped to a private network address), other services enabled on the interface may become unavailable. Confirm your action before performing the configuration. If you want to enable other applications on the interface, add an ACL rule after the configuration to filter out the number of the interface on which the applications are enabled.