Example for Configuring NAT
Networking Requirements
As shown in Figure 5-20, GE1/0/0 on the router has a private IP address 192.168.1.1/24 and is connected to the intranet. GE2/0/0 on the router has a public IP address 11.11.11.1/8 and is connected to the Internet. The intranet server has a private IP address 192.168.1.2/24 and a public IP address 11.11.11.6/8. The intranet host has an IP address 192.168.1.3/24.
Both the intranet host and extranet host want to access the intranet server through the public IP address 11.11.11.6.
Configuration Roadmap
The configuration roadmap is as follows:
Configure IP addresses for interfaces.
Configure a default route.
Configure outbound NAT and static NAT in Easy IP mode on the LAN-side interface of the router to ensure that the intranet host can use a public IP address to access the intranet server.
Configure outbound NAT and static NAT in Easy IP mode on the WAN-side interface of the router to ensure that the intranet host can access the Internet and the extranet host can use a public IP address to access the intranet server.
Procedure
- Configure IP addresses for interfaces on the router.
<Huawei> system-view [Huawei] sysname Router [Router] interface gigabitethernet 1/0/0 [Router-GigabitEthernet1/0/0] ip address 192.168.1.1 24 [Router-GigabitEthernet1/0/0] quit [Router] interface gigabitethernet 2/0/0 [Router-GigabitEthernet2/0/0] ip address 11.11.11.1 8 [Router-GigabitEthernet2/0/0] quit
- Configure a default route on the router and specify the next hop address as 11.11.11.2.
[Router] ip route-static 0.0.0.0 0.0.0.0 11.11.11.2
- Configure outbound NAT and static NAT in Easy IP mode on GE1/0/0 of the router to ensure that the intranet host can use a public IP address to access the intranet server.
[Router] acl 3000 [Router-acl-adv-3000] rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 11.11.11.6 0 [Router-acl-adv-3000] quit [Router] interface gigabitethernet 1/0/0 [Router-GigabitEthernet1/0/0] nat outbound 3000 [Router-GigabitEthernet1/0/0] nat static global 11.11.11.6 inside 192.168.1.2 netmask 255.255.255.255 [Router-GigabitEthernet1/0/0] quit
- Configure outbound NAT and static NAT in Easy IP mode on GE2/0/0 of the router to ensure that the intranet host can access the Internet and the extranet host can use a public IP address to access the intranet server.
[Router] acl 2000 [Router-acl-basic-2000] rule 5 permit source 192.168.1.0 0.0.0.255 [Router-acl-basic-2000] quit [Router] interface gigabitethernet 2/0/0 [Router-GigabitEthernet2/0/0] nat outbound 2000 [Router-GigabitEthernet2/0/0] nat static global 11.11.11.6 inside 192.168.1.2 netmask 255.255.255.255 [Router-GigabitEthernet2/0/0] quit
- Verify the configuration.
# The intranet host and extranet host can access the intranet server using the public IP address 11.11.11.6. The intranet host can also access the Internet.
Configuration Files
Router configuration file
# acl number 2000 rule 5 permit source 192.168.1.0 0.0.0.255 # acl number 3000 rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 11.11.11.6 0 # interface GigabitEthernet1/0/0 ip address 192.168.1.1 255.255.255.0 nat static global 11.11.11.6 inside 192.168.1.2 netmask 255.255.255.255 nat outbound 3000 # interface GigabitEthernet2/0/0 ip address 11.11.11.1 255.0.0.0 nat static global 11.11.11.6 inside 192.168.1.2 netmask 255.255.255.255 nat outbound 2000 # ip route-static 0.0.0.0 0.0.0.0 11.11.11.2 # return
Previous
