Configure NAT on the AR router to allow internal hosts to access internal servers using an external IP address

All models of Huawei AR routers in V200R003C01 and later versions allow internal and external users to access internal servers by configuring static NAT. GE1/0/0 on the router connects to the internal network and its IP address is 192.168.1.1/24. GE2/0/0 on the router connects to the external network and its IP address is 11.11.11.1/8. The internal server has an internal IP address 192.168.1.2/24 and an external IP address 11.11.11.6. The internal host at 192.168.1.3/24 wants to access the internal server. The configuration details on the AR router are as follows: 1. Assign IP addresses to interfaces on the router.
[Huawei] interface GigabitEthernet1/0/0
[Huawei-GigabitEthernet1/0/0] ip address 192.168.1.1 24
[Huawei-GigabitEthernet1/0/0] quit
[Huawei] interface GigabitEthernet2/0/0
[Huawei-GigabitEthernet2/0/0] ip address 11.11.11.1 8
[Huawei-GigabitEthernet2/0/0] quit
2. Configure a default router to ensure interconnection between internal users and the external network.
[Huawei] ip route-static 0.0.0.0 0.0.0.0 11.11.11.2
3. Configure internal users to access internal servers. The internal host use 11.11.11.6 to access servers. NAT is implemented through GE1/0/0 and one-to-one NAT is configured on the internal network service only when service requests are initiated from the internal network.
[Huawei] acl number 2000
[Huawei-acl-basic-2000] rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 11.11.11.6 0
[Huawei-acl-basic-2000] quit
[Huawei] interface GigabitEthernet1/0/0
[Huawei-GigabitEthernet1/0/0] nat static global 11.11.11.6 inside 192.168.1.2 netmask 255.255.255.255
[Huawei-GigabitEthernet1/0/0] nat outbound 2000
[Huawei-GigabitEthernet1/0/0] quit
4. Configure external users to access internal servers to ensure that external users use 11.11.11.6 to access internal servers.
[Huawei] interface GigabitEthernet2/0/0
[Huawei-GigabitEthernet2/0/0] nat static global 11.11.11.6 inside 192.168.1.2 netmask 255.255.255.255
[Huawei-GigabitEthernet2/0/0] quit

Scroll to top