No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR Router Troubleshooting Guide

This Product Documentation provides guidance for maintaining AR Enterprise Router, covering common information collection and fault diagnostic commands, typical fault troubleshooting guide, and troubleshooting.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Are Packet Statistics Collected When Both NAT and IPSec Are Deployed?

How Are Packet Statistics Collected When Both NAT and IPSec Are Deployed?

When both NAT and IPSec are deployed on GE0/0/1, the source and destination addresses of collected packets are post-NAT addresses, for example, 1.1.1.1 and 2.1.1.1.

<Huawei> system-view
[Huawei] acl 3005
[Huawei-acl-adv-3005] rule 5 permit ip source 1.1.1.1 0 destination 2.1.1.1 0
[Huawei-acl-adv-3005] rule 10 permit ip source 2.1.1.1 0 destination 1.1.1.1 0
[Huawei-acl-adv-3005] quit

Configure a traffic classifier, traffic behavior, and traffic policy.

[Huawei] traffic classifier c1
[Huawei-classifier-1] if-match acl 3005
[Huawei-classifier-1] quit
[Huawei] traffic behavior b1
[Huawei-behavior-b1] statistic enable
[Huawei-behavior-b1] quit
[Huawei] traffic policy p1
[Huawei-trafficpolicy-p1] classifier c1 behavior b1
[Huawei-trafficpolicy-p1] quit

On GE0/0/1, apply the traffic policy and configure NAT pre-classify.

[Huawei] interface gigabitethernet0/0/1
[Huawei-GigabitEthernet0/0/1] qos pre-nat
[Huawei-GigabitEthernet0/0/1] traffic-policy p1 inbound
[Huawei-GigabitEthernet0/0/1] traffic-policy p1 outbound
[Huawei-GigabitEthernet0/0/1] quit

Configure IPSec to pre-extract original packet information.

[Huawei] ipsec policy policy1 10 isakmp
[Huawei-ipsec-policy-isakmp-policy1-10] qos pre-classify
[Huawei-ipsec-policy-isakmp-policy1-10] quit
Translation
Download
Updated: 2019-05-10

Document ID: EDOC1000079719

Views: 444116

Downloads: 4295

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next