Operation Manual – NAT, Netstream, Policy RoutingH3C S7500 Series Ethernet Switches Chapter 1 NAT Configuration1-12Caution:z Each command that is used to modify blacklist-related configuration and is notsource IP address-specific must be coupled with the reset nat session command.z Although each blacklist-enabled LPU in the switch independently maintains its ownblacklist information, blacklist-related configuration commands executed on theswitch apply to all LPUs.1.3.7 Configuring NAT Connection Aging TimeYou can use the nat aging-time command to set the NAT connection aging time forCPU processed ALG (application layer gateway) NAT mapping entries or the NATconnection aging time for network processor (NP) processed NAT mapping entries. Amapping entry is removed from the NAT mapping table when the corresponding agingtimer expires.Follow these steps to configure the aging time of NAT connections:To do… Use the command… RemarksEnter system view system-view —Configure the agingtime of NATconnectionsnat aging-time { algtime-value | np slow }slot slot-numberOptionalBy default, the aging time for ALGNAT mapping entries is 120seconds. An NP uses fast agingtimer with aging time of 120seconds.1.3.8 Configuring NAT Security LoggingSecurity logging is used to record the detailed procedure information of the NATprocess.Security logging will record the following information:z Source IP address and port number before translationz Destination IP address and port number before translationz Source IP address and port number after translationz Start time and end time of the NAT processI. Enabling NAT loggingFollow these steps to enable NAT logging: