Example for Configuring Simplified NAT
This section provides an example for configuring the simplified NAT function to implement multiple-to-multiple IP address translation between private and public networks and allow PCs on a specified network segment to access the Internet.
Networking Requirements
In Figure 2-2, the router performs the NAT function to help PCs within an enterprise network access the Internet. The router uses GE 0/2/0 to connect to the enterprise network. The router's GE 0/2/1 is connected to the Internet. The enterprise is assigned public IP addresses of 11.11.11.101/32 through 11.11.11.105/32.
- Only PCs on the network segment 192.168.10.0/24 can access the Internet.
- Multiple-to-multiple NAT is performed for IP addresses between private and public networks.
Configuration Roadmap
The configuration roadmap is as follows:
- Configure the basic NAT function.
- Configure a simplified NAT traffic distribution policy.
Data Preparation
- NAT instance name (nat1) and index (1)
- NAT-A's NAT address pool name (address-group1), address pool number (1), and range of public IP addresses (11.11.11.101 through 11.11.11.105)
- ACL number (3001)
- Name and IP address of each interface to which a NAT traffic distribution policy is applied
Procedure
- Configure basic NAT functions.
- Configure a NAT traffic distribution policy.
In simplified NAT, the traffic distribution policy is supported only on an outbound interface. Bind this policy to either the NAT instance or an address pool on the same interface.
A NAT traffic policy on an inbound interface and one on an outbound interface are mutually exclusive on a device.
- Verify the configuration.
# Run the display nat user-information slot command to view NAT user information.
[~NATA] display nat user-information slot 9 verbose
This operation will take a few minutes. Press 'Ctrl+C' to break ...
Slot: 9
Total number: 1.
---------------------------------------------------------------------------
User Type                             : NAT444
CPE IP                                : 192.168.10.100
User ID                               : -
VPN Instance                          : -
Address Group                         : address-group1
NAT Instance                          : nat1
Public IP                             : 11.11.11.101
Total/TCP/UDP/ICMP Session Limit      : 8192/10240/10240/512
Total/TCP/UDP/ICMP Session Current    : 1/0/1/0
Total/TCP/UDP/ICMP Rev Session Limit  : 8192/10240/10240/512
Total/TCP/UDP/ICMP Rev Session Current: 0/0/0/0
Nat ALG Enable                        : NULL
Aging Time(s)                         : -
Left Time(s)                          : -
Session Limit Discard Count           : 0
-->Transmit Packets                   : 9753259
-->Transmit Bytes                     : 1111770864
-->Drop Packets                       : 0
<--Transmit Packets                   : 0
<--Transmit Bytes                     : 0
<--Drop Packets                       : 0
---------------------------------------------------------------------------
# Run the display nat simple-configuration address-group command to view simplified NAT address pool information.
[~HUAWEI] display nat simple-configuration address-group
nat address-group address-group1 group-id 1 11.11.11.101 11.11.11.105
Configuration Files
NAT-A configuration file when a NAT traffic distribution policy is used on an inbound interface
#
sysname NATA
#
nat instance nat1 id 1 simple-configuration
#
nat address-group address-group1 group-id 1 11.11.11.101 11.11.11.105
#
acl number 3001
 rule 1 permit ip source 192.168.10.0 0.0.0.255
#
interface GigabitEthernet 0/2/1
 undo shutdown
 ip address 11.2.3.4 255.255.255.0
 nat bind acl 3001 address-group address-group1
#
return
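
The following Python check is an added example, not part of the original document or of any vendor tooling. It compares user records in the display nat user-information format against ACL 3001 and address-group1 from the configuration file above, flagging private addresses outside the permitted segment and public addresses outside the pool. The second user record is constructed to show a violation; contiguous wildcard masks and the trimmed field set are assumptions.

```python
import ipaddress
import re
# Lines copied from the page's NAT-A configuration file.
CONFIG = """\
nat address-group address-group1 group-id 1 11.11.11.101 11.11.11.105
acl number 3001
 rule 1 permit ip source 192.168.10.0 0.0.0.255
"""

# Constructed sample (three fields per user); the second record is an invented violation.
DISPLAY = """\
CPE IP                                : 192.168.10.100
Address Group                         : address-group1
Public IP                             : 11.11.11.101
---------------------------------------------------------------------------
CPE IP                                : 192.168.20.7
Address Group                         : address-group1
Public IP                             : 11.11.11.110
"""

def permitted_sources(config):
    """Networks from 'rule N permit ip source ADDR WILDCARD' (contiguous wildcards assumed)."""
    rules = re.findall(r"rule \d+ permit ip source (\S+) (\S+)", config)
    bits = lambda w: bin(int(ipaddress.ip_address(w))).count("1")
    return [ipaddress.ip_network(f"{a}/{32 - bits(w)}", strict=False) for a, w in rules]

def pools(config):
    """Map address-group name -> (first, last) public address."""
    found = re.findall(r"nat address-group (\S+) group-id \d+ (\S+) (\S+)", config)
    return {n: (ipaddress.ip_address(a), ipaddress.ip_address(b)) for n, a, b in found}

def users(display):
    """Yield one {field: value} dict per user record in the display output."""
    for block in re.split(r"^-{3,}\s*$", display, flags=re.M):
        rec = dict(re.findall(r"^\s*([^:\n]+?)\s*:\s*(\S+)\s*$", block, flags=re.M))
        if "CPE IP" in rec:
            yield rec

def audit(config, display):
    """Return (CPE IP, finding) pairs for users outside the ACL or their pool."""
    nets, pool, findings = permitted_sources(config), pools(config), []
    for u in users(display):
        cpe, pub = ipaddress.ip_address(u["CPE IP"]), ipaddress.ip_address(u["Public IP"])
        if not any(cpe in n for n in nets):
            findings.append((str(cpe), "private address not permitted by ACL"))
        lo, hi = pool.get(u.get("Address Group"), (None, None))
        if lo is None or not lo <= pub <= hi:
            findings.append((str(cpe), "public address outside address pool"))
    return findings
```

An empty list from audit() means every listed user falls inside the ACL scope and is mapped to an address from its configured pool.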