The configuration method to realize NAT and policy-route for the underlying users of NE40

Publication Date:  2012-07-27 Views:  72 Downloads:  0
Issue Description
The networking structure: refer to the appendix
the networking requirement
: NE40 connects with two private network segments, one is 10.1.0.0/16 user, which is out from the interface via NE40 which connects with ISP A, if the link is down, it is out from the interface connecting with ISP B, the other is 192.168.0.0/16, it is out from the interface connecting with ISP B, if the link is down, it is out from the interface connecting with ISP A, the users of those two private network segments realize NAT on NE40.

Data deployment
: 10.1.0.0/16 corresponds to the NAT address pool "211.91.220.33 to 211.91.220.46", 192.168.0.0/16 corresponds to the NAT address pool "211.138.224.161 to 211.138.224.174", the IP of NE40 connecting with ISP A is 211.91.220.16/30, the IP of NE40 connecting with ISP B is 211.138.224.80/30

 

Alarm Information
Null
Handling Process

The followings are the configuration cases
configure one flow classification rule based on IP
rule-map intervlan rule1 ip 10.0.0.0 0.0.255.255 any                         
rule-map intervlan rule2 ip 192.168.0.0 0.0.255.255 any

confiugre the NAT address pool
nat address-group liantong 211.91.220.33 211.91.220.46 mask 255.255.255.240 slot 5                                                                       
nat address-group yidong 211.138.224.161 211.138.224.174 mask 255.255.255.240 slot 5

configure NAT policy
nat-policy number 1 ip 211.91.220.18 nat address-group liantong                
nat-policy number 2 ip 211.138.224.82 nat address-group yidong

confiugre NAT policy action                                                    
flow-action liantong nat 1 2
flow-action yidong nat 2 1

configure EACL
associate the flow classification and NAT policy action
eacl nat rule1 liantong
eacl nat rule2 yidong

on the in-interface, enable eacl
interface ethernet 1/0/0
access-group router eacl nat

ip route-static 0.0.0.0 0.0.0.0 211.91.220.18 preference 60
ip route-static 0.0.0.0 0.0.0.0 211.138.224.82 preference 100                   
                    
ip route-static 211.91.220.32 255.255.255.240 NULL 0 preference 60             
ip route-static 211.138.224.160 255.255.255.240 NULL 0 preference 60

Root Cause
The above version of VRP3.10-2222SP01 supports NAT switch and policy route realization simultaneously.
Suggestions
Null

END