Configuring object group-based outbound static NAT
Configure object group-based outbound static NAT on the interface connected to the external network to translate private IP addresses into public IP addresses.
When the source address of a packet from the private network matches the private address object group, the source address is translated into a public address in the public address object group.
When the destination address of a packet from the public network matches the public address object group, the destination address is translated into a private address in the private address object group.
An IPv4 address object group used by an object group-based outbound static NAT mapping can only contain a host object or a subnet object. Otherwise, the configuration does not take effect.
To configure object group-based outbound static NAT:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Configure an object group-based outbound static NAT mapping. | nat static outbound object-group local-object-group-name [ vpn-instance local-vpn-instance-name ] object-group global-object-group-name [ vpn-instance global-vpn-instance-name ] [ acl { ipv4-acl-number | name ipv4-acl-name } [ reversible ] ] [ disable ] | By default, no mappings exist. If you specify the acl keyword, NAT processes only packets permitted by the ACL. |
3. Return to system view. | quit | N/A |
4. Enter interface view. | interface interface-type interface-number | N/A |
5. Enable static NAT on the interface. | nat static enable | By default, static NAT is disabled. |