Example for Configuring Bidirectional NAT and an Internal Server
This section provides an example for configuring bidirectional NAT and an internal server. The private and public networks want to access the internal server using the public IP address.
Networking Requirements
In Figure 2-15, NAT-Device's GE 0/2/0 with an IP address of 192.168.1.1/24 is connected to a private network. NAT-Device's GE 0/2/1 with an IP address of 11.11.11.1/8 is connected to the Internet. The internal server has a private IP address of 192.168.1.2/24 and a public IP address of 11.11.11.6. A private network host with an IP address of 192.168.1.3/24 attempts to access the internal server. The peer device connected to NAT-Device is assigned an IP address of 11.11.11.2.
The private and public networks want to access the internal server using the public IP address of 11.11.11.6.
Configuration Roadmap
The configuration roadmap is as follows:
- Configure basic NAT functions.
- Configure an internal server.
- Configure a NAT distribution policy.
- Apply the NAT distribution policy.
- Configure static routes.
Data Preparation
To complete the configuration, you need the following data:
- NAT instance name (nat1) and index (1)
- NAT-Device's NAT address pool name (address-group1), address pool number (1), and IP address range in easy IP mode
- ACL numbers (3001 and 3002)
- Name (GE 0/2/0) and IP address (192.168.1.1/24) of an interface to which a NAT distribution policy is applied; name (GE 0/2/1) and IP address (11.1.1.1/24) of another interface to which a NAT distribution policy is applied
Procedure
- Configure basic NAT functions.
- Configure an internal server.
[~NAT-Device] nat server global 11.11.11.6 inside 192.168.1.2
[~NAT-Device] commit
- Configure a NAT distribution policy.
- Configure an ACL-based traffic classification rule: create ACL 3001 with rule 1, which matches traffic from a private network host to the internal server's public IP address 11.11.11.6. Binding this ACL to GE 0/2/0 makes that interface perform NAT only for connections initiated inside the private network.
- Configure ACL 3002 with rule 2 as a second ACL-based traffic classification rule that matches all IP traffic, so that private network hosts can access the Internet.
[~NAT-Device] acl 3001
[*NAT-Device-acl4-advance-3001] rule 1 permit ip source 192.168.1.0 0.0.0.255 destination 11.11.11.6 0
[*NAT-Device-acl4-advance-3001] commit
[~NAT-Device-acl4-advance-3001] quit
[~NAT-Device] acl 3002
[*NAT-Device-acl4-advance-3002] rule 2 permit ip
[*NAT-Device-acl4-advance-3002] commit
[~NAT-Device-acl4-advance-3002] quit
- Apply the NAT distribution policy.
- Apply the traffic classification policy with ACL 3001 to the view of GE 0/2/0.
- Apply the traffic classification policy with ACL 3002 to the view of GE 0/2/1.
[~NAT-Device] interface gigabitEthernet 0/2/0
[~NAT-Device-GigabitEthernet0/2/0] ip address 192.168.1.1 24
[*NAT-Device-GigabitEthernet0/2/0] nat bind acl 3001 instance nat1
[*NAT-Device-GigabitEthernet0/2/0] commit
[~NAT-Device-GigabitEthernet0/2/0] quit
[~NAT-Device] interface gigabitEthernet 0/2/1
[*NAT-Device-GigabitEthernet0/2/1] nat bind acl 3002 instance nat1
[*NAT-Device-GigabitEthernet0/2/1] commit
[~NAT-Device-GigabitEthernet0/2/1] quit
- Configure a default route as a static route and set the next hop address of the default route to 11.11.11.2.
[~NAT-Device] ip route-static 0.0.0.0 0.0.0.0 11.11.11.2
[*NAT-Device] commit
- Verify the configuration.
# Run the display nat server-map command to view the internal server information.
[~NAT-Device] display nat server-map
This operation will take a few minutes. Press 'Ctrl+C' to break ...
Slot: 9
Total number: 2.
NAT Instance: nat1
Protocol:ANY, VPN:--->-
Server:192.168.1.2[11.1.1.6]->ANY
Tag:0x0, TTL:-, Left-Time:-
CPE IP:192.168.1.2
NAT Instance: nat1
Protocol:ANY, VPN:--->-
Server reverse:ANY->11.1.1.6[192.168.1.2]
Tag:0x0, TTL:-, Left-Time:-
CPE IP:192.168.1.2
---------------------------------------------------------------------------
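To make visible what the server mapping and the two ACL bindings configured above do to a packet, here is an added Python model of the three flows in this example (private host to the server's public address, Internet host to the server, private host to the Internet). It is an illustration written for this page, not Huawei code, and it assumes a simplified processing order (destination NAT, routing, then source NAT on the egress interface) and omits ports; 203.0.113.10 is a constructed Internet address.

```python
from ipaddress import IPv4Address, IPv4Network

# Constructed model of the topology on this page (added illustration, not vendor code).
SERVER_PUBLIC = IPv4Address("11.11.11.6")    # nat server global
SERVER_PRIVATE = IPv4Address("192.168.1.2")  # nat server inside
OUTSIDE_IF_IP = IPv4Address("11.11.11.1")    # easy-IP source: GE 0/2/1's own address
PRIVATE_NET = IPv4Network("192.168.1.0/24")  # reached through GE 0/2/0
SESSIONS = {}  # (translated src, translated dst) -> (original src, original dst); ports omitted

def wildcard_match(addr, base, wildcard):
    """VRP ACL wildcard mask: a 1 bit means 'don't care', so 0 is an exact host match."""
    w = int(IPv4Address(wildcard))
    return (int(IPv4Address(addr)) | w) == (int(IPv4Address(base)) | w)

def acl_3001(src, dst):
    """rule 1 permit ip source 192.168.1.0 0.0.0.255 destination 11.11.11.6 0"""
    return (wildcard_match(src, "192.168.1.0", "0.0.0.255")
            and wildcard_match(dst, "11.11.11.6", "0.0.0.0"))

def acl_3002(src, dst):
    """rule 2 permit ip: any source, any destination"""
    return True

ACL_BOUND_TO = {"GE 0/2/0": acl_3001, "GE 0/2/1": acl_3002}  # nat bind acl ... instance nat1

def translate(src, dst):
    """First packet of a flow: apply the server mapping (destination NAT), pick the
    egress interface by route, then source NAT if the ACL bound there permits the
    original addresses. Simplified ordering assumed for illustration."""
    src, dst = IPv4Address(src), IPv4Address(dst)
    new_dst = SERVER_PRIVATE if dst == SERVER_PUBLIC else dst
    egress = "GE 0/2/0" if new_dst in PRIVATE_NET else "GE 0/2/1"
    new_src = OUTSIDE_IF_IP if ACL_BOUND_TO[egress](str(src), str(dst)) else src
    SESSIONS[(str(new_src), str(new_dst))] = (str(src), str(dst))
    return egress, str(new_src), str(new_dst)

def translate_reply(src, dst):
    """Reverse the translation for a reply using the session table, so the private
    host sees the server answer from 11.11.11.6 rather than from 192.168.1.2."""
    orig_src, orig_dst = SESSIONS[(dst, src)]
    return orig_dst, orig_src

if __name__ == "__main__":
    # Private host reaching the server by its public address: hairpinned through GE 0/2/0;
    # source NAT forces the reply back through NAT-Device instead of directly to the host.
    print(translate("192.168.1.3", "11.11.11.6"))    # ('GE 0/2/0', '11.11.11.1', '192.168.1.2')
    print(translate_reply("192.168.1.2", "11.11.11.1"))  # ('11.11.11.6', '192.168.1.3')
    # Internet host (11.11.11.2) reaching the server: destination NAT only, source preserved.
    print(translate("11.11.11.2", "11.11.11.6"))     # ('GE 0/2/0', '11.11.11.2', '192.168.1.2')
    # Private host to the Internet (203.0.113.10 is constructed): easy-IP source NAT.
    print(translate("192.168.1.3", "203.0.113.10"))  # ('GE 0/2/1', '11.11.11.1', '203.0.113.10')
```

Without the source NAT on GE 0/2/0, the server would answer 192.168.1.3 directly with its private address, and the host, expecting a reply from 11.11.11.6, would discard it; the Internet flow keeps the client's real address, so server logs still identify external clients.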
NAT-Device Configuration File
#
sysname NAT-Device
#
nat instance nat1 id 1
 simple-configuration
#
 nat address-group 1 group-id 1
  unnumbered interface GigabitEthernet 0/2/1
#
 nat server global 11.11.11.6 inside 192.168.1.2
#
acl number 3001
 rule 1 permit ip source 192.168.1.0 0.0.0.255 destination 11.11.11.6 0
#
acl number 3002
 rule 2 permit ip
#
interface GigabitEthernet 0/2/0
 undo shutdown
 ip address 192.168.1.1 255.255.255.0
 nat bind acl 3001 instance nat1
#
interface GigabitEthernet 0/2/1
 undo shutdown
 ip address 11.11.11.1 255.0.0.0
 nat bind acl 3002 instance nat1
#
ip route-static 0.0.0.0 0.0.0.0 11.11.11.2
#
return