Configuring SCTP NAT

This section describes how to configure SCTP NAT.

SCTP NAT enables the firewall to translate not only the source and destination IP addresses of received SCTP packets but also the IP addresses in the source and destination address lists.

Configure SCTP NAT on the FW to determine the mappings between private IP addresses in SCTP address lists and public IP addresses. After the configuration is complete, Server-Map entries are automatically generated. These entries are available until the static mappings are deleted.

Procedure

  1. Access the system view.

    system-view

  2. Configure NAT Server for SCTP.

    • The same public IP address is advertised to all security zones; that is, the users in all security zones use the same public IP address to access the internal server.

      nat server [ name ] protocol sctp global global-address [ global-port ] [ global-port-end ] inside host-address [ host-port [ host-port-end ] | host-address-end host-port ]

    • Different public IP addresses are advertised to different security zones; that is, the users in different security zones use different public IP addresses to access internal servers.

      nat server [ name ] zone zone-name protocol sctp global global-address [ global-port ] [ global-port-end ] inside host-address [ host-port [ host-port-end ] | host-address-end host-port ]

If the address list contains multiple private IP addresses, the firewall needs to translate these private IP addresses. The translation requires corresponding mappings created by running the NAT Server commands repeatedly. For example, if an address list contains 192.168.1.2 and 192.168.1.3 and they are to be translated to 1.1.1.2 and 1.1.1.3, run the NAT Server commands twice to set up the mappings.
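
The following Python sketch is an added example, not Huawei code. It models the address-list translation described above on a constructed INIT chunk, using the two mappings from the example. The function names and the third address 192.168.1.4 are assumptions made for illustration; the sketch leaves an address with no mapping unchanged and reports it, which is its own behaviour and not a statement about the firewall.

```python
import ipaddress
import struct

# Static mappings from the page's example: private address -> public address.
MAPPINGS = {"192.168.1.2": "1.1.1.2", "192.168.1.3": "1.1.1.3"}
INIT, INIT_ACK, IPV4_PARAM = 1, 2, 5  # SCTP chunk and parameter type codes

def build_init(addresses):
    """Constructed sample: an INIT chunk advertising the given IPv4 addresses."""
    params = b"".join(
        struct.pack("!HH4s", IPV4_PARAM, 8, ipaddress.IPv4Address(a).packed)
        for a in addresses)
    # Fixed INIT fields: initiate tag, a_rwnd, out streams, in streams, initial TSN.
    fixed = struct.pack("!IIHHI", 0x11223344, 65535, 10, 10, 1)
    return struct.pack("!BBH", INIT, 0, 20 + len(params)) + fixed + params

def translate_address_list(chunk, mappings):
    """Rewrite IPv4 Address parameters; return (new_chunk, unmapped_addresses)."""
    if len(chunk) < 20:
        raise ValueError("chunk too short for INIT/INIT ACK")
    ctype, _flags, clen = struct.unpack_from("!BBH", chunk, 0)
    if ctype not in (INIT, INIT_ACK) or clen < 20 or clen > len(chunk):
        raise ValueError("not a well-formed INIT/INIT ACK chunk")
    out = bytearray(chunk)
    unmapped = []
    off = 20  # 4-byte chunk header + 16 bytes of fixed INIT fields
    while off + 4 <= clen:
        ptype, plen = struct.unpack_from("!HH", chunk, off)
        if plen < 4 or off + plen > clen:
            raise ValueError("bad parameter length at offset %d" % off)
        if ptype == IPV4_PARAM and plen == 8:
            addr = str(ipaddress.IPv4Address(chunk[off + 4:off + 8]))
            if addr in mappings:
                out[off + 4:off + 8] = ipaddress.IPv4Address(mappings[addr]).packed
            else:
                unmapped.append(addr)  # no static mapping exists for this address
        off += (plen + 3) & ~3  # parameters are padded to a 4-byte boundary
    return bytes(out), unmapped

if __name__ == "__main__":
    sample = build_init(["192.168.1.2", "192.168.1.3", "192.168.1.4"])
    _, missing = translate_address_list(sample, MAPPINGS)
    print("addresses still needing a mapping:", missing)
```

An address reported as unmapped here corresponds to one for which the NAT Server command has not yet been run. The sketch covers only the chunk body, so the SCTP checksum over the full packet is outside its scope.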

Copyright © Huawei Technologies Co., Ltd.