Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Source NAT
Procedure
- Configure NAT address pool pool_isp1_1 and specify
the address pool type to be NAPT.
HRP_M[FW_A] nat address-group pool_isp1_1 HRP_M[FW_A-address-group-pool_isp1_1] mode pat HRP_M[FW_A-address-group-pool_isp1_1] section 1.1.1.10 1.1.1.12 HRP_M[FW_A-address-group-pool_isp1_1] route enable HRP_M[FW_A-address-group-pool_isp1_1] quit
![]()
NOTE: You can run the route enable command to generate a UNR for addresses in the NAT address pool. The UNR functions the same as a black-hole route. It can prevent a routing loop.
- Configure the NAT policy between the Trust and isp1_1 zones
to translate source addresses of packets from the Trust zone to addresses
in pool_isp1_1.
HRP_M[FW_A] nat-policy HRP_M[FW_A-policy-nat] rule name policy_nat1 HRP_M[FW_A-policy-nat-rule-policy_nat1] source-zone trust HRP_M[FW_A-policy-nat-rule-policy_nat1] destination-zone isp1_1 HRP_M[FW_A-policy-nat-rule-policy_nat1] action source-nat address-group pool_isp1_1 HRP_M[FW_A-policy-nat-rule-policy_nat1] quit HRP_M[FW_A-policy-nat] quit
- Configure NAT address pool pool_isp1_2 and specify
the address pool type to be NAPT.
HRP_M[FW_A] nat address-group pool_isp1_2 HRP_M[FW_A-address-group-pool_isp1_2] mode pat HRP_M[FW_A-address-group-pool_isp1_2] section 1.1.2.10 1.1.2.12 HRP_M[FW_A-address-group-pool_isp1_2] route enable HRP_M[FW_A-address-group-pool_isp1_2] quit
- Configure the NAT policy between the Trust and isp1_2 zones
to translate source addresses of packets from the Trust zone to addresses
in pool_isp1_2.
HRP_M[FW_A] nat-policy HRP_M[FW_A-policy-nat] rule name policy_nat2 HRP_M[FW_A-policy-nat-rule-policy_nat2] source-zone trust HRP_M[FW_A-policy-nat-rule-policy_nat2] destination-zone isp1_2 HRP_M[FW_A-policy-nat-rule-policy_nat2] action source-nat address-group pool_isp1_2 HRP_M[FW_A-policy-nat-rule-policy_nat2] quit HRP_M[FW_A-policy-nat] quit
- Configure NAT address pool pool_isp2_1 and specify
the address pool type to be NAPT.
HRP_M[FW_A] nat address-group pool_isp2_1 HRP_M[FW_A-address-group-pool_isp2_1] mode pat HRP_M[FW_A-address-group-pool_isp2_1] section 2.2.2.10 2.2.2.12 HRP_M[FW_A-address-group-pool_isp2_1] route enable HRP_M[FW_A-address-group-pool_isp2_1] quit
- Configure the NAT policy between the Trust and isp2_1 zones
to translate source addresses of packets from Trust zone to addresses
in pool_isp2_1.
HRP_M[FW_A] nat-policy HRP_M[FW_A-policy-nat] rule name policy_nat3 HRP_M[FW_A-policy-nat-rule-policy_nat3] source-zone trust HRP_M[FW_A-policy-nat-rule-policy_nat3] destination-zone isp2_1 HRP_M[FW_A-policy-nat-rule-policy_nat3] action source-nat address-group pool_isp2_1 HRP_M[FW_A-policy-nat-rule-policy_nat3] quit HRP_M[FW_A-policy-nat] quit
- Configure NAT address pool pool_isp2_2 and specify
the address pool type to be NAPT.
HRP_M[FW_A] nat address-group pool_isp2_2 HRP_M[FW_A-address-group-pool_isp2_2] mode pat HRP_M[FW_A-address-group-pool_isp2_2] section 2.2.3.10 2.2.3.12 HRP_M[FW_A-address-group-pool_isp2_2] route enable HRP_M[FW_A-address-group-pool_isp2_2] quit
- Configure the NAT policy between the Trust and isp2_2 zones
to translate source addresses of packets from Trust zone to addresses
in pool_isp2_2.
HRP_M[FW_A] nat-policy HRP_M[FW_A-policy-nat] rule name policy_nat4 HRP_M[FW_A-policy-nat-rule-policy_nat4] source-zone trust HRP_M[FW_A-policy-nat-rule-policy_nat4] destination-zone isp2_2 HRP_M[FW_A-policy-nat-rule-policy_nat4] action source-nat address-group pool_isp2_2 HRP_M[FW_A-policy-nat-rule-policy_nat4] quit HRP_M[FW_A-policy-nat] quit
- Configure NAT ALG.
Previous
