06-23-2014 09:49 AM
Setting up both inbound and outbound 1:1 NAT translation...
I've been working with the various Comware-based devices such as the F1000 firewall, the A5800 switches, and the MSR30-20 routers. Specifically, I'm trying to figure out how (on the firewall and router) to create a NAT translation that is 1:1 on BOTH inbound and outbound.
Currently the problem is that I can get a 1:1 on the inbound (using the nat-server command) however my outbounds ignore the nat-server and use the PAT address grouping for outbound originated traffic. Specifically I have a public DNS server that the outside world needs to get to. I can get that part working, however when the server contacts the primary for zone transfers, the "originated" packets use the PAT address space rather than the NAT 1:1 address space.
The below example has:
205.140.10.16 -> 172.16.0.16 (tcp/udp port 53)
172.16.0.16 -> public (shows up as some random address in the 205.140.10.240-244 range)
What I wanted was:
172.16.0.16 -> packet source 205.140.10.16
So, here is a cutout of what I'm using:
#
nat address-group 205.140.10.240 205.140.10.244
#
acl number 2000 name authorize_nat_outbound
 rule 100 permit source 172.16.0.0 0.0.3.255
 rule 105 deny
#
interface GigabitEthernet 0/0
 port link-mode route
 nat outbound static
 nat outbound 2000 address-group 1
 nat server protocol tcp global 205.140.10.16 dns inside 172.16.0.16 dns
 nat server protocol udp global 205.140.10.16 dns inside 172.16.0.16 dns
 ip address 205.140.10.199 255.255.255.0
#
interface GigabitEthernet 0/1
 port link-mode route
 ip address 172.16.0.1 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 205.140.10.1
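
An added example, not part of the original post or any HPE tooling: a Python check that reads a Comware-style configuration and lists hosts published with `nat server` whose own outbound traffic matches the `nat outbound` ACL and therefore leaves from the PAT pool, which is the asymmetry described above. The `nat static <local> <global>` line it looks for, and the rule that such an entry also covers host-originated traffic, are assumptions of this sketch.

```python
import ipaddress
import re

# Constructed sample: the NAT-relevant lines of the configuration posted above.
SAMPLE_CONFIG = """\
acl number 2000 name authorize_nat_outbound
 rule 100 permit source 172.16.0.0 0.0.3.255
 rule 105 deny
interface GigabitEthernet 0/0
 nat outbound static
 nat outbound 2000 address-group 1
 nat server protocol tcp global 205.140.10.16 dns inside 172.16.0.16 dns
 nat server protocol udp global 205.140.10.16 dns inside 172.16.0.16 dns
"""

def acl_permits(rules, host):
    """First-match evaluation of basic ACL rules, in rule-ID order."""
    for _, action, net in sorted(rules, key=lambda r: r[0]):
        if net is None or host in net:   # a rule without 'source' matches any address
            return action == "permit"
    return False  # sketch assumption: no matching rule means no translation

def find_asymmetric_hosts(config):
    """Map inside IP -> published global IP for every 'nat server' host whose
    self-originated traffic would leave from the PAT pool instead."""
    acls, servers, statics, outbound_acls = {}, {}, set(), set()
    current = []
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"acl number (\d+)", line):
            current = acls.setdefault(m[1], [])
        elif m := re.match(r"rule (\d+) (permit|deny)(?: source (\S+) (\S+))?$", line):
            # ipaddress accepts the wildcard as a host mask: 0.0.3.255 -> /22
            net = ipaddress.ip_network(f"{m[3]}/{m[4]}", strict=False) if m[3] else None
            current.append((int(m[1]), m[2], net))
        elif m := re.match(r"nat outbound (\d+) address-group", line):
            outbound_acls.add(m[1])
        elif m := re.match(r"nat server .* global (\S+) .*inside (\S+)", line):
            servers[ipaddress.ip_address(m[2])] = m[1]
        elif m := re.match(r"nat static (\S+) \S+", line):  # assumed syntax: local then global
            statics.add(ipaddress.ip_address(m[1]))
    findings = {}
    for inside, global_ip in servers.items():
        if inside in statics:
            continue  # assumed: a static 1:1 entry also translates traffic the host originates
        if any(acl_permits(acls.get(a, []), inside) for a in outbound_acls):
            findings[str(inside)] = global_ip
    return findings

if __name__ == "__main__":
    for inside, global_ip in find_asymmetric_hosts(SAMPLE_CONFIG).items():
        print(f"{inside}: reachable as {global_ip}, but originates from the PAT pool")
```

A host flagged here will be seen by remote peers under a pool address, so any source-address allowlist on the far side (such as a zone-transfer ACL on a primary DNS server) keyed to the published address will not match it.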