Configuring inbound dynamic NAT
Inbound dynamic NAT enables translation from public IP addresses to private IP addresses. Do not configure it alone. Typically, inbound dynamic NAT functions with outbound dynamic NAT, NAT Server, or outbound static NAT to implement bidirectional NAT.
The source IP address of a received packet that is permitted by the ACL is translated into a public address in the address group.
The add-route keyword enables the device to automatically add a route destined for the private address when an inbound dynamic NAT rule is matched. The output interface is the NAT interface, and the next hop is the source address before translation. If you do not specify this keyword, you must manually add the route. As a best practice, manually create a route because it takes time to automatically add routes.
The reversible keyword enables the device to perform the following operations:
Compare the destination IP address in the first packet from the private network with existing NO-PAT entries.
Translate the destination address into the public address in a matching NO-PAT entry.
Inbound dynamic NAT does not support Easy IP.
To configure inbound dynamic NAT:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Configure an address group and enter its view. | nat address-group group-id [ name group-name ] | By default, no address groups exist. |
3. Add an address range to the address group. | address start-address end-address | By default, no address ranges exist. You can add multiple address ranges to an address group. The address ranges must not overlap. |
4. Return to system view. | quit | N/A |
5. Enter interface view. | interface interface-type interface-number | N/A |
6. Configure inbound dynamic NAT. | nat inbound { ipv4-acl-number | name ipv4-acl-name } address-group { group-id | name group-name } [ vpn-instance vpn-instance-name ] [ no-pat [ reversible ] [ add-route ] ] [ disable ] | By default, no inbound dynamic NAT rules exist. You can configure multiple inbound dynamic NAT rules on an interface. |