Configuring outbound dynamic NAT
To translate private IP addresses into public IP addresses, configure outbound dynamic NAT on the interface connected to the external network.
The source IP addresses of the outgoing packets that match the ACL permit rule are translated into IP addresses in the address group.
The reversible keyword enables the device to perform the following operations:
Compare the destination IP address in the first packet from the public network with existing NO-PAT entries.
Translate the destination address into the private address in a matching NO-PAT entry.
If NAT is configured on only one output interface in a dual uplink network, do not add the two output interfaces to the same security zone. Doing so will cause traffic interruption. For more information about security zones, see Fundamental Configuration Guide.
To configure outbound dynamic NAT:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Configure an address group and enter its view. | nat address-group group-id [ name group-name ] | By default, no address groups exist. |
3. Add an address range to the address group. | address start-address end-address | By default, no address ranges exist. You can add multiple address ranges to an address group. The address ranges must not overlap. |
4. Return to system view. | quit | N/A |
5. Enter interface view. | interface interface-type interface-number | N/A |
6. Configure outbound dynamic NAT. |
| By default, no outbound dynamic NAT rules exist. You can configure multiple outbound dynamic NAT rules on an interface. |
7. Return to system view. | quit | N/A |
8. (Optional.) Configure a PAT mapping mode. | nat mapping-behavior endpoint-independent [ acl { ipv4-acl-number | name ipv4-acl-name } ] | The default mapping mode is Address and Port-Dependent Mapping. This command takes effect only on outbound dynamic NAT for PAT. |