Example for Configuring Extranet Hosts to Access an Intranet Server
Networking Requirements
On the network shown in Figure 5-30, a server is deployed on the intranet of the company. A host on the Internet wants to access the server through a public IP address. The server's private IP address is 192.168.0.2/24 and its public IP address is 2.2.2.3/24. The IP address of the WAN-side interface on the router is 2.2.2.1/24 and the LAN gateway IP address is 192.168.0.1/24. The IP address of the carrier device connected to the router is 2.2.2.2/24 and the IP address of the extranet host is 1.1.1.1/24.
Configuration Roadmap
The configuration roadmap is as follows:
Configure the IP addresses for interfaces and a default route to ensure route reachability between the extranet host and intranet server.
Configure NAT static on the WAN-side interface of the router. Then the extranet host can access the intranet server through public IP address 2.2.2.3.
Procedure
- Configure IP addresses for interfaces on the router.
<Huawei> system-view [Huawei] sysname Router [Router] interface gigabitethernet 2/0/0 [Router-GigabitEthernet2/0/0] ip address 2.2.2.1 24 [Router-GigabitEthernet2/0/0] quit [Router] interface gigabitethernet 1/0/0 [Router-GigabitEthernet1/0/0] ip address 192.168.0.1 24 [Router-GigabitEthernet1/0/0] quit
- On the router, configure a default route with next hop address 2.2.2.2.
[Router] ip route-static 0.0.0.0 0.0.0.0 2.2.2.2
- Configure static 1:1 NAT translation on GE2/0/0.
[Router] interface gigabitethernet 2/0/0 [Router-GigabitEthernet2/0/0] nat static global 2.2.2.3 inside 192.168.0.2 [Router-GigabitEthernet2/0/0] quit [Router] quit
- Verify the configuration.
Run the display nat static command on the router to check the mapping between the private and public addresses.
<Router> display nat static Static Nat Information: Interface : GigabitEthernet2/0/0 Global IP/Port : 2.2.2.3/---- Inside IP/Port : 192.168.0.2/---- Protocol : ---- VPN instance-name : ---- Acl number : ---- Vrrp id : ---- Netmask : 255.255.255.255 Description : ---- Total : 1Run the ping 2.2.2.3 command on the extranet host to ping the intranet server. Run the display nat session all command on the router to check the address translation result.
<Router> display nat session all NAT Session Table Information: Protocol : ICMP(1) SrcAddr Vpn : 1.1.1.1 DestAddr Vpn : 2.2.2.3 Type Code IcmpId : 8 0 43992 NAT-Info New SrcAddr : ---- New DestAddr : 192.168.0.2 New IcmpId : ---- Protocol : UDP(17) SrcAddr Port Vpn : 192.168.0.2 1701 DestAddr Port Vpn : 1.1.1.1 1701 NAT-Info New SrcAddr : 2.2.2.3 New SrcPort : ---- New DestAddr : ---- New DestPort : ---- Total : 2
Configuration Files
Router configuration file
# sysname Router # interface GigabitEthernet1/0/0 ip address 192.168.0.1 255.255.255.0 # interface GigabitEthernet2/0/0 ip address 2.2.2.1 255.255.255.0 nat static global 2.2.2.3 inside 192.168.0.2 netmask 255.255.255.255 # ip route-static 0.0.0.0 0.0.0.0 2.2.2.2 # return