nat server protocol global inside (NAT instance view)

Function

The nat server protocol global inside command configures an internal server that runs a specific protocol.

The undo nat server protocol global inside command deletes the configuration of an internal server that runs a specific protocol.

By default, no internal server that runs a specific protocol is configured.

This command is supported only on the NetEngine 8000 F1A.

Format

nat server protocol { tcp | udp | protocol-number } global global-address [ global-protocol ] [ vpn-instance vpn-instance-name ] inside host-address [ host-protocol ] [ vpn-instance vpn-instance-name ] [ extendable ]

undo nat server protocol { tcp | udp | protocol-number } global global-address [ global-protocol ] [ vpn-instance vpn-instance-name ] inside host-address [ host-protocol ] [ vpn-instance vpn-instance-name ] [ extendable ]

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| tcp | Indicates that an internal server runs TCP. | - |
| udp | Indicates that an internal server runs UDP. | - |
| protocol-number | Specifies a protocol number. | The value is an integer ranging from 1 to 255. |
| global global-address | Specifies the public IP address of an internal server. | The value is in dotted decimal notation. |
| global-protocol | Specifies the protocol that an internal server runs to communicate with an external device. The value can be POP2, POP3, or SMTP. If global-protocol is set to a non-0 integer, the destination port number in external user packets must be the same as global-protocol. A port number inconsistency causes these users to fail to access an internal server. If global-protocol is set to 0, port numbers carried in external user packets can be set to any numbers so that the users can access an internal server. | The value is a string of 1 to 31 case-sensitive characters. It cannot contain spaces. |
| vpn-instance vpn-instance-name | Specifies the name of a VPN instance to which an internal server belongs. | The value is a string of 1 to 31 case-sensitive characters. It cannot contain spaces. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string. |
| inside host-address | Specifies the private IP address of an internal server. | The value is in dotted decimal notation. |
| host-protocol | Specifies the protocol that an internal server runs. For example, the protocol can be POP2, POP3, or SMTP. If global-protocol is set to a non-0 integer, host-protocol must be set to any non-0 integer. If global-protocol is set to 0, host-protocol can only be set to 0. | The value is a string of 1 to 31 case-sensitive characters. It cannot contain spaces. |
| extendable | Indicates the extended NAT server identifier, meaning that an internal server with a private IP address and different public IP addresses can be configured. | - |

Views

NAT instance view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
| --- | --- |
| nat | write |

Usage Guidelines

Usage Scenario

NAT hides the structure of an internal network, including devices on the internal network. A device on an external network may need to access an internal host, such as a web or FTP server.

Configuration Impact

The internal server function enables a NAT device to translate a public IP address to a private IP address based on a static mapping entry. The entry contains either a private IP address, a private port number, a public IP address, and a public port number, or only a private IP address and a public IP address.

Precautions

When you configure the internal server function, note the following:

  • When a global address is configured in non-easy IP mode, it must be different from any IP address already assigned to a device or its interface, to prevent IP address conflicts.
  • The global-address must be different from any IP address in a NAT address pool.
  • After the extendable parameter is configured, one pair of a private IP address and a private port number can be mapped to different pairs of public IP addresses and public port numbers for an internal server in a NAT instance.

    If the FTP/RTSP/SIP server is deployed on the private network side, you are advised to configure the NAT server at the address level. When the port-level NAT server is used, the connection may be interrupted.

    NAT ALG does not take effect on protocol packets that match port-level NAT internal server mappings.
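The following is an added example, not Huawei code: a Python audit that parses nat server protocol lines according to the Format section and flags the conditions described under Parameters and Precautions. The NAT address pool ranges are supplied by the caller, the sample configuration and pool are constructed, and the list of keywords and ports used to recognise FTP, RTSP and SIP is an assumption.

```python
import ipaddress
import re

# Grammar from the Format section. Quoted VPN names containing spaces are not handled.
LINE = re.compile(
    r"(?<!undo )nat server protocol (?P<proto>\S+) global (?P<gaddr>\S+)"
    r"(?: (?!vpn-instance |inside )(?P<gport>\S+))?"
    r"(?: vpn-instance (?P<gvpn>\S+))?"
    r" inside (?P<haddr>\S+)"
    r"(?: (?!vpn-instance |extendable$)(?P<hport>\S+))?"
    r"(?: vpn-instance (?P<hvpn>\S+))?"
    r"(?P<ext> extendable)?$"
)
# Assumption: keywords and well-known ports for the FTP/RTSP/SIP services in the note.
ALG_SERVICES = {"ftp": "FTP", "21": "FTP", "rtsp": "RTSP", "554": "RTSP",
                "sip": "SIP", "5060": "SIP"}

def audit(config, pool_networks=()):
    """Return (command, finding) pairs for every nat server protocol line in config."""
    pools = [ipaddress.ip_network(n) for n in pool_networks]
    findings = []
    for raw in config.splitlines():
        m = LINE.search(raw.strip())  # search() tolerates a CLI prompt prefix
        if not m:
            continue
        line, gport, hport = m[0], m["gport"], m["hport"]
        if gport == "0":
            findings.append((line, "global-protocol 0: any destination port reaches the server"))
        if None not in (gport, hport) and (gport == "0") != (hport == "0"):
            findings.append((line, "global-protocol and host-protocol must both be 0 or both non-0"))
        if any(ipaddress.ip_address(m["gaddr"]) in p for p in pools):
            findings.append((line, "global-address overlaps a NAT address pool"))
        svc = ALG_SERVICES.get((gport or "").lower()) or ALG_SERVICES.get((hport or "").lower())
        if svc:
            findings.append((line, f"port-level {svc} mapping: NAT ALG does not take effect"))
    return findings

# Constructed sample; the first line is the command from the page's Example section.
SAMPLE = """\
nat server protocol tcp global 192.168.12.12 ftp inside 10.12.12.12 ftp
nat server protocol tcp global 192.168.12.13 0 inside 10.12.12.13 0
nat server protocol udp global 192.168.12.14 0 inside 10.12.12.14 53
nat server protocol tcp global 192.168.12.40 8080 vpn-instance vpn1 inside 10.12.12.15 80 vpn-instance vpn1 extendable
"""
POOL = ["192.168.12.32/28"]  # constructed NAT address pool range

if __name__ == "__main__":
    for line, finding in audit(SAMPLE, POOL):
        print(f"{finding}\n    {line}")
```
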

Example

# Configure an internal server in a NAT instance named cpe1.
<HUAWEI> system-view
[~HUAWEI] nat instance cpe1 id 1
[*HUAWEI-nat-instance-cpe1] nat server protocol tcp global 192.168.12.12 ftp inside 10.12.12.12 ftp
Copyright © Huawei Technologies Co., Ltd.