No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - IP Service

AR100, AR120, AR160, AR1200, AR2200, AR3200, and AR3600 V300R003

This document describes the concepts and configuration procedures of IP Service features on the device, and provides the configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring NAT

Example for Configuring NAT

Networking Requirements

As shown in Figure 5-21, GE1/0/0 on the router has a private IP address 192.168.1.1/24 and is connected to the intranet. GE2/0/0 on the router has a public IP address 11.11.11.1/8 and is connected to the Internet. The intranet server has a private IP address 192.168.1.2/24 and a public IP address 11.11.11.6/8. The intranet host has an IP address 192.168.1.3/24.

Both the intranet host and extranet host want to access the intranet server through the public IP address 11.11.11.6.

Figure 5-21  Networking diagram for configuring NAT

Configuration Roadmap

The configuration roadmap is as follows:

  • Configure IP addresses for interfaces.

  • Configure a default route.

  • Configure outbound NAT and static NAT in Easy IP mode on the LAN-side interface of the router to ensure that the intranet host can use a public IP address to access the intranet server.

  • Configure outbound NAT and static NAT in Easy IP mode on the WAN-side interface of the router to ensure that the intranet host can access the Internet and the extranet host can use a public IP address to access the intranet server.

Procedure

  1. Configure IP addresses for interfaces on the router.

    <Huawei> system-view
    [Huawei] sysname Router
    [Router] interface gigabitethernet 1/0/0 
    [Router-GigabitEthernet1/0/0] ip address 192.168.1.1 24 
    [Router-GigabitEthernet1/0/0] quit       
    [Router] interface gigabitethernet 2/0/0
    [Router-GigabitEthernet2/0/0] ip address 11.11.11.1 8 
    [Router-GigabitEthernet2/0/0] quit
    

  2. Configure a default route on the router and specify the next hop address as 11.11.11.2.

    [Router] ip route-static 0.0.0.0 0.0.0.0 11.11.11.2
    

  3. Configure outbound NAT and static NAT in Easy IP mode on GE1/0/0 of the router to ensure that the intranet host can use a public IP address to access the intranet server.

    [Router] acl 3000
    [Router-acl-adv-3000] rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 11.11.11.6 0
    [Router-acl-adv-3000] quit
    [Router] interface gigabitethernet 1/0/0
    [Router-GigabitEthernet1/0/0] nat outbound 3000
    [Router-GigabitEthernet1/0/0] nat static global 11.11.11.6 inside 192.168.1.2 netmask 255.255.255.255
    [Router-GigabitEthernet1/0/0] quit
    

  4. Configure outbound NAT and static NAT in Easy IP mode on GE2/0/0 of the router to ensure that the intranet host can access the Internet and the extranet host can use a public IP address to access the intranet server.

    [Router] acl 2000
    [Router-acl-basic-2000] rule 5 permit source 192.168.1.0 0.0.0.255
    [Router-acl-basic-2000] quit
    [Router] interface gigabitethernet 2/0/0
    [Router-GigabitEthernet2/0/0] nat outbound 2000
    [Router-GigabitEthernet2/0/0] nat static global 11.11.11.6 inside 192.168.1.2 netmask 255.255.255.255
    [Router-GigabitEthernet2/0/0] quit
    

  5. Verify the configuration.

    # The intranet host and extranet host can access the intranet server using the public IP address 11.11.11.6. The intranet host can also access the Internet.

Configuration Files

Router configuration file

#                                                                               
acl number 2000                                                                 
 rule 5 permit source 192.168.1.0 0.0.0.255                                     
#                                                                               
acl number 3000  
 rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 11.11.11.6 0          
#                                                                               
interface GigabitEthernet1/0/0                                                  
 ip address 192.168.1.1 255.255.255.0                                           
 nat static global 11.11.11.6 inside 192.168.1.2 netmask 255.255.255.255  
 nat outbound 3000  
#                                                                               
interface GigabitEthernet2/0/0                                                  
 ip address 11.11.11.1 255.0.0.0                                                  
 nat static global 11.11.11.6 inside 192.168.1.2 netmask 255.255.255.255  
 nat outbound 2000  
#                                                                               
ip route-static 0.0.0.0 0.0.0.0 11.11.11.2                                 
#                                               
return                                                                          
Translation
Download
Updated: 2019-03-06

Document ID: EDOC1100069333

Views: 33677

Downloads: 169

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next