CLI-based Configuration Guide - IP Service

AR500, AR510, AR531, AR550, AR1500, and AR2500 V200R010

This document describes the concepts and configuration procedures of IP Service features on the device, and provides the configuration examples.
Example for Configuring Twice NAT

Networking Requirements

As shown in Figure 5-19, the IP address of the outbound interface on the router is 2.2.2.2/24. The IP address of the LAN gateway is 1.1.1.1/24 and that of the carrier device connected to the router is 2.2.2.1/24. The IP addresses of internal hosts were not planned properly: the IP address of PC1 on the internal network overlaps with that of Server A on the external network. When PC2 accesses Server A by its domain name, the DNS resolution result is an address on PC2's own network segment, so PC2 may reach PC1 instead of Server A. Users want packets to be forwarded to the correct destination.

Figure 5-19  Network diagram for configuring twice NAT

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure IP addresses for the interfaces on the router.

  2. Configure a default route on the router.

  3. Configure the DNS ALG function to enable DNS packets to traverse the NAT device.

  4. Map the overlapped address pool to the temporary address pool.

  5. Configure outbound NAT to allow internal users to access external networks.

Procedure

  1. Configure IP addresses for the interfaces on the router.

    <Huawei> system-view
    [Huawei] sysname Router
    [Router] interface gigabitethernet 1/0/0 
    [Router-GigabitEthernet1/0/0] undo portswitch
    [Router-GigabitEthernet1/0/0] ip address 2.2.2.2 24  
    [Router-GigabitEthernet1/0/0] quit       
    [Router] interface gigabitethernet 2/0/0
    [Router-GigabitEthernet2/0/0] undo portswitch
    [Router-GigabitEthernet2/0/0] ip address 1.1.1.1 24  
    [Router-GigabitEthernet2/0/0] quit
    

  2. Configure a default route with next hop address 2.2.2.1 on the router.

    [Router] ip route-static 0.0.0.0 0.0.0.0 2.2.2.1
    

  3. Configure the mapping between the overlapped address pool and the temporary address pool on the router.

    [Router] nat overlap-address 0 1.1.1.100 3.3.3.100 pool-length 254

  4. Configure a static route on the router from the temporary address pool to outbound interface GE1/0/0.

    [Router] ip route-static 3.3.3.100 32 gigabitethernet 1/0/0 2.2.2.1
    

  5. Configure the DNS NAT ALG function in the system view.

    [Router] nat alg dns enable
    

  6. Configure outbound NAT on outbound interface GE1/0/0 of the router.
    1. Create an ACL and configure an ACL rule to permit the packets of PC1 to pass through.

      [Router] acl 3180 
      [Router-acl-adv-3180] rule 5 permit ip source 1.1.1.0 0.0.0.255
      [Router-acl-adv-3180] quit
      

    2. Configure the NAT address pool for outbound NAT.

      [Router] nat address-group 1 2.2.2.100 2.2.2.200 

    3. Configure outbound NAT on outbound interface GE1/0/0.

      [Router] interface gigabitethernet 1/0/0
      [Router-GigabitEthernet1/0/0] nat outbound 3180 address-group 1  
      [Router-GigabitEthernet1/0/0] quit
      

  7. Verify the configuration.

    # Run the display nat overlap-address all command on the router to check the mapping between the overlapped address pool and the temporary address pool.

    <Router> display nat overlap-address all
    Nat Overlap Address Pool To Temp Address Pool Map Information:
     -------------------------------------------------------------------------------
     Id  Overlap-Address  Temp-Address    Pool-Length       Inside-VPN-Instance-Name
     -------------------------------------------------------------------------------
     0   1.1.1.100     3.3.3.100    254                                       
     -------------------------------------------------------------------------------
      Total : 1    

    # Run the display nat outbound command to display the configuration of NAT.

    [Router] display nat outbound
     NAT Outbound Information:
     -----------------------------------------------------------------
     Interface              Acl      Address-group/IP/Interface      Type
     -----------------------------------------------------------------
     GigabitEthernet1/0/0      3180                  1                pat
     -----------------------------------------------------------------
      Total : 1  

Configuration Files

Configuration file of the router

    #
     sysname Router
    #
    acl number 3180
     rule 5 permit ip source 1.1.1.0 0.0.0.255
    #
     nat alg dns enable
    #
     nat address-group 1 2.2.2.100 2.2.2.200
    #
     nat overlap-address 0 1.1.1.100 3.3.3.100 pool-length 254
    #
    interface GigabitEthernet2/0/0
     undo portswitch
     ip address 1.1.1.1 255.255.255.0
    #
    interface GigabitEthernet1/0/0
     undo portswitch
     ip address 2.2.2.2 255.255.255.0
     nat outbound 3180 address-group 1
    #
    ip route-static 0.0.0.0 0.0.0.0 2.2.2.1
    ip route-static 3.3.3.100 255.255.255.255 GigabitEthernet1/0/0 2.2.2.1
    #
    return
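
The following Python sketch is an added example, not part of the Huawei guide: it parses lines from the configuration file above, maps an overlapped address to its temporary address, and checks the pieces the procedure configures (DNS ALG, outbound NAT, a temporary pool that does not collide with a connected subnet, and explicit routes to the temporary addresses). It assumes the overlapped and temporary pools map one-to-one by offset from their start addresses; the function names and result keys are illustrative.

```python
import ipaddress
import re

# Lines copied from the router configuration file on this page.
CONFIG = """\
 nat alg dns enable
 nat overlap-address 0 1.1.1.100 3.3.3.100 pool-length 254
interface GigabitEthernet2/0/0
 ip address 1.1.1.1 255.255.255.0
interface GigabitEthernet1/0/0
 ip address 2.2.2.2 255.255.255.0
 nat outbound 3180 address-group 1
ip route-static 0.0.0.0 0.0.0.0 2.2.2.1
ip route-static 3.3.3.100 255.255.255.255 GigabitEthernet1/0/0 2.2.2.1
"""

def parse_overlap(config):
    """Return (overlap_start, temp_start, pool_length) from the mapping line."""
    m = re.search(r"nat overlap-address \d+ (\S+) (\S+) pool-length (\d+)", config)
    if m is None:
        raise ValueError("no nat overlap-address mapping configured")
    return ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2]), int(m[3])

def to_temp(addr, config=CONFIG):
    """Overlapped address -> temporary address, or None outside the pool.
    Assumption: the two pools map one-to-one by offset from their start."""
    start, temp, length = parse_overlap(config)
    offset = int(ipaddress.ip_address(addr)) - int(start)
    return str(temp + offset) if 0 <= offset < length else None

def audit(config=CONFIG):
    """Check the pieces the procedure configures; returns a dict of results."""
    _, temp, length = parse_overlap(config)
    first, last = int(temp), int(temp) + length - 1
    connected = [ipaddress.ip_network(f"{ip}/{mask}", strict=False)
                 for ip, mask in re.findall(r"^ ip address (\S+) (\S+)", config, re.M)]
    routes = [ipaddress.ip_network(f"{dst}/{mask}")
              for dst, mask in re.findall(r"^ip route-static (\S+) (\S+)", config, re.M)
              if mask != "0.0.0.0"]  # ignore the default route
    return {
        "dns_alg": bool(re.search(r"^\s*nat alg dns enable\s*$", config, re.M)),
        "nat_outbound": bool(re.search(r"^\s*nat outbound \d+", config, re.M)),
        # The temporary pool must not collide with a directly connected subnet.
        "temp_pool_collides": any(first <= int(n.broadcast_address)
                                  and int(n.network_address) <= last for n in connected),
        # How many temporary addresses have an explicit (non-default) route.
        "routed_temp": sum(any(temp + i in r for r in routes) for i in range(length)),
        "pool_length": length,
    }
```

For the configuration on this page, `audit()` reports that 1 of the 254 temporary addresses (3.3.3.100) has an explicit static route; any other temporary address would follow the default route to 2.2.2.1.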
Updated: 2019-05-20

Document ID: EDOC1100034231
