No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


The configuration method to realize NAT and policy-route for the underlying users of NE40

Publication Date:  2019-07-12 Views:  442 Downloads:  0

Issue Description

The networking structure: refer to the appendix
the networking requirement
: NE40 connects with two private network segments, one is user, which is out from the interface via NE40 which connects with ISP A, if the link is down, it is out from the interface connecting with ISP B, the other is, it is out from the interface connecting with ISP B, if the link is down, it is out from the interface connecting with ISP A, the users of those two private network segments realize NAT on NE40.

Data deployment
: corresponds to the NAT address pool "x.x.220.33 to x.x.220.46", corresponds to the NAT address pool "x.x.224.161 to x.x.224.174", the IP of NE40 connecting with ISP A is x.x.220.16/30, the IP of NE40 connecting with ISP B is x.x.224.80/30


Alarm Information


Handling Process

The followings are the configuration cases
configure one flow classification rule based on IP
rule-map intervlan rule1 ip any                         
rule-map intervlan rule2 ip any

confiugre the NAT address pool
nat address-group liantong x.x.220.33 x.x.220.46 mask slot 5                                                                       
nat address-group yidong x.x.224.161 x.x.224.174 mask slot 5

configure NAT policy
nat-policy number 1 ip x.x.220.18 nat address-group liantong                
nat-policy number 2 ip x.x.224.82 nat address-group yidong

confiugre NAT policy action                                                    
flow-action liantong nat 1 2
flow-action yidong nat 2 1

configure EACL
associate the flow classification and NAT policy action
eacl nat rule1 liantong
eacl nat rule2 yidong

on the in-interface, enable eacl
interface ethernet 1/0/0
access-group router eacl nat

ip route-static x.x.220.18 preference 60
ip route-static x.x.224.82 preference 100                   
ip route-static x.x.220.32 NULL 0 preference 60             
ip route-static x.x.224.160 NULL 0 preference 60

Root Cause

The above version of VRP3.10-2222SP01 supports NAT switch and policy route realization simultaneously.