Configure NAT on the AR to permit Internet access and allow external users to access internal servers

Huawei AR routers support outbound NAT and NAT server to allow the intranet users to access the Internet and external users to access internal servers. The figure on the right page shows the networking diagram. Eth2/0/0 on the router connects to the internal network and its intranet IP address is GE3/0/0 on the router connects to the external network and its extranet IP address is The internal server has an internal IP address and an external IP address The internal host with the IP address wants to access the internal server. The configuration details are as follows:

1. Configure IP addresses for interfaces on the router.
[Huawei] vlan 100
[Huawei-vlan100] quit
[Huawei] interface vlanif 100
[Huawei-Vlanif100] ip address 24
[Huawei-Vlanif100] quit
[Huawei] interface ethernet 2/0/0
[Huawei-Ethernet2/0/0] port link-type access
[Huawei-Ethernet2/0/0] port default vlan 100
[Huawei-Ethernet2/0/0] quit
[Huawei] interface gigabitethernet 3/0/0
[Huawei-GigabitEthernet3/0/0] ip address 24
[Huawei-GigabitEthernet3/0/0] quit
2. Configure a default route with next-hop address on the router.
[Huawei] ip route-static
3. Configure outbound NAT in Easy IP mode to allow internal users to access external networks.
[Huawei] acl 2000
[Huawei-acl-basic-2000] rule 5 permit source
[Huawei-acl-basic-2000] quit
[Huawei] interface gigabitethernet 3/0/0
[Huawei-GigabitEthernet3/0/0] nat outbound 2000
4. Configure the NAT server to allow external users to access the internal servers.
[Huawei] interface gigabitethernet 3/0/0
[Huawei-GigabitEthernet3/0/0] nat server protocol tcp global www inside 8080
[Huawei-GigabitEthernet3/0/0] quit

Note: The command that configures the NAT server function takes effect on Layer 3 interfaces, excluding Loopback and NULL interfaces.

Scroll to top