No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - IP Service

AR500, AR510, AR531, AR550, AR1500, and AR2500 V200R010

This document describes the concepts and configuration procedures of IP Service features on the device, and provides the configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Internal Hosts with an Overlapped IP Address Fail to Access External Servers

Internal Hosts with an Overlapped IP Address Fail to Access External Servers

Fault Description

This fault is commonly caused by one of the following:
  • Outbound NAT is incorrectly configured on the outbound port.
  • NAT ALG is disabled for the DNS protocol.
  • The DNS mapping entry is configured incorrectly. For example, the corresponding public address is different from the IP address of an external server.
  • The route between the temporary address pool and the outbound interface is not configured.

Procedure

  1. Check that outbound NAT is configured correctly.

    Run the display nat outbound command on the device to check whether outbound NAT is configured correctly.
    [Huawei]display  nat outbound 
     NAT Outbound Information: 
     --------------------------------------------------------------------------- 
     Interface                     Acl      Address-group/IP/Interface      Type 
     --------------------------------------------------------------------------- 
     GigabitEthernet0/0/1         3180                               1       pat 
     --------------------------------------------------------------------------- 
      Total : 1   
    
    The preceding information indicates that ACL 3180 is bound to outbound NAT and the address pool index is 1. Check that outbound NAT references a correct address pool. When configuring an address pool, ensure that the destination address on the external network is different from any address in the address pool. Run the display nat address-group command to check the configuration of the address pool.
    [Huawei]display nat address-group 1 
    NAT Address-Group Information: 
    -------------------------------------- 
    Index   Start-address      End-address 
    -------------------------------------- 
    1       1.1.1.1            1.1.1.10 
    -------------------------------------- 
    Total : 1     
    

    Check that ACL rules bound to outbound NAT are correct. Generally, incorrect addresses, protocol types, or interface numbers are defined in ACL rules. When an ACL problem occurs, packets on the internal network cannot be sent out or packets on the external network cannot be sent to the internal network.

    Run the display acl 3180 command to check the ACL bound to outbound NAT.
    [Huawei]display acl 3180
    Advanced ACL 3180, 1 rule 
    Acl's step is 5 
    rule 5 permit tcp source 10.10.10.1 0 
    
    NOTE:

    An ACL strictly controls the permitted address segments, protocols, and ports based on the networking requirements. If certain protocol packets are rejected by the NAT gateway, check whether the packets of this protocol are permitted by the ACL.

    • If outbound NAT is configured incorrectly, correct the configuration.
    • If outbound NAT is configured correctly but the fault persists, go to step 2.

  2. Check that the DNS mapping entry is configured correctly.

    Run the display nat dns-map command on the device to check whether the NAT server is configured on the correct NAT interface and check whether the protocol type, interface number, and IP address are correctly configured.

    [Huawei]display nat dns-map 
      NAT DNS mapping information:
      Domain-name : test1
      Global IP   : 10.1.1.1
      Global port : 2012
      Protocol    : tcp
    
      Total : 1  
    • If the DNS mapping entry is configured incorrectly, run the nat dns-map command in the system view to configure a DNS mapping entry correctly.
    • If the DNS mapping entry is configured correctly but the fault persists, go to step 3.

  3. Check that NAT ALG is enabled for the DNS protocol.

    Run the display nat alg command on the device to check whether NAT ALG is enabled for the DNS protocol.
    [Huawei]display nat alg 
    NAT Application Level Gateway Information:                                      
    ----------------------------------                                              
      Application            Status                                                 
    ----------------------------------                                              
      dns                    Disabled                                               
      ftp                    Disabled                                               
      rtsp                   Enabled                                                
      sip                    Disabled                                               
      pptp                   Disabled                                        
    ---------------------------------- 
    • If NAT ALG is disabled for the DNS protocol, run the nat alg command to enable it.
    • If NAT ALG is enabled for the DNS protocol but the fault persists, go to step 4.

  4. Check that the mappings between overlapped address pools and temporary address pools are correct.

    Run the display nat overlap-address command on the device to check whether all the mappings between overlapped address pools and temporary address pools are correct.
    [Huawei]display nat overlap-address all 
    Nat Overlap Address Pool To Temp Address Pool Map Information: 
     ----------------------------------------------------------------------
     Id  Overlap-Address  Temp-Address  Pool-Length  Inside-VPN-Instance-Name 
     ----------------------------------------------------------------------
     1   1.1.1.1          20.20.20.20     34 
    -----------------------------------------------------------------------
      Total : 1        
    
    NOTE:

    The temporary address pool contains available IP addresses on the device. The IP addresses in the address pool cannot conflict with any interface address, VRRP address, or NAT address. In the preceding information, Inside-VPN-Instance-Name specifies the VPN instance to which the internal interface connected to the host belongs.

    • If the mappings are incorrect, reconfigure the mappings.
    • If the mappings are correct but the fault persists, go to step 5.

  5. Check that the route between the temporary address pool and the outbound interface is configured.

    Run the display ip routing-table command on the device to check all the routes on the public network.
    [Huawei]display ip routing-table 
    Route Flags: R - relay, D - download to fib 
    ------------------------------------------------------------------------------ 
    Routing Tables: Public 
             Destinations : 2       Routes : 2 
     
    Destination/Mask    Proto  Pre  Cost       Flags NextHop         Interface 
     
        10.0.0.0/8     Static   60   0            D   10.164.50.1     Ethernet1/0/0 
        10.10.10.10/32 Direct   64   0            D   127.0.0.1       Vlanif3 
    
    NOTE:

    If the name of the VPN instance where the internal interface is located has been configured, run the display ip routing-table vpn-instance vpn-name command to check the routes.

    • If there is no correct route, reconfigure a route.
    • If the route is correct but the fault persists, contact technical support personnel.

Translation
Download
Updated: 2019-05-20

Document ID: EDOC1100034231

Views: 80157

Downloads: 51

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next