No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - IP Service

AR100, AR120, AR160, AR1200, AR2200, AR3200, and AR3600 V300R003

This document describes the concepts and configuration procedures of IP Service features on the device, and provides the configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Implementation of NAT

Implementation of NAT

Basic NAT and NAPT translate private IP addresses to public IP addresses by using NAT devices. Basic NAT implements one-to-one address translation, and NAPT implements many-to-one address translation. On existing networks, NAT is implemented based on the principles of basic NAT and NAPT. NAT implements multiple functions such as Easy IP, NAT address pool, NAT server, and static NAT/NAPT.

NAT address pool and Easy IP are implemented in similar ways. This section describes only Easy IP. For the implementation of NAT address pool, see NAPT in Introduction to NAT.

Easy IP

Easy IP uses access control lists (ACLs) to control the private IP addresses that can be translated.

Easy IP is applied to the scenario where hosts on small-scale LANs access the Internet. Small-scale LANs are usually deployed at small and medium-sized cybercafes or small-sized offices where only a few internal hosts are used and the outbound interface obtains a temporary public IP address through dial-up. The temporary public IP address is used by the internal hosts to access the Internet. Easy IP allows the hosts to access the Internet using this temporary public address.

Figure 5-3  Networking diagram for Easy IP

As shown in Figure 5-3, the Easy IP process is as follows:

  1. The Router receives a request packet sent from the host on the private network for accessing the server on the public network.
  2. The Router sets up forward and reverse Easy IP entries that specify the mapping between the source IP address and port number of the packet and the public IP address and port number of the port connected to the public network. The Router translates the source IP address and port number of the packet to the public IP address and port number based on the forward Easy IP entry, and sends the packet to the server on the public network.
  3. After receiving a response packet from the server on the public network, the Router queries the reverse Easy IP entry based on the packet's destination IP address and port number. The Router translates the packet's destination IP address and port number to the private IP address and port number of the host on the private network based on the reverse Easy IP entry, and sends the packet to the host.

NAT Server

NAT can shield hosts on private networks from public network users. When a private network needs to provide services such as WWW and FTP services for public network users, servers on the private network must be accessible to public network users at any time.

The NAT server can address the preceding problem by translating the public IP address and port number to the private IP address and port number based on the preset mapping.

Figure 5-4  Networking diagram for NAT server implementation

As shown in Figure 5-4, the address translation process of the NAT server is as follows:

  1. Address translation entries of the NAT server are configured on the Router.
  2. The Router receives an access request sent from a host on the public network. The Router queries the address translation entry based on the packet's destination IP address and port number. The Router translates the packet's destination IP address and port number to the private IP address and port number based on the address translation entry, and sends the packet to the server on the private network.
  3. After receiving a response packet sent from the server on the private network, the Router queries the address translation entry based on the packet's source IP address and port number. The Router translates the packet's source IP address and port number to the public IP address and port number based on the address translation entry, and sends the packet to the host on the public network.

Static NAT/NAPT

Static NAT indicates that a private IP address is statically bound to a public IP address when NAT is performed. Only this private IP address can be translated to this public IP address.

Static NAPT indicates that the combination of a private IP address, protocol number, and port number is statically bound to the combination of a public IP address, protocol number, and port number. Multiple private IP addresses can be translated to the same public IP address.

Static NAT/NAPT can also translate host IP addresses in the specified private address range to host IP addresses in the specified public address range. When an internal host accesses the external network, static NAT or NAPT translates the IP address of the internal host to a public address if the IP address of the internal host is in the specified address range. An external host can directly access an internal host if the private IP address translated from the IP address of the external host is in the specified internal address range.

Translation
Download
Updated: 2019-03-06

Document ID: EDOC1100069333

Views: 33429

Downloads: 167

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next