The configuration method to realize NAT and policy-route for the underlying user

Created: Mar 25, 2016 16:18:08Latest reply: Mar 25, 2016 23:15:42 934 1 0 0

The networking structure: refer to the appendix
the networking requirement
: NE40 connects with two private network segments, one is 10.1.0.0/16 user, which is out from the interface via NE40 which connects with ISP A, if the link is down, it is out from the interface connecting with ISP B, the other is 192.168.0.0/16, it is out from the interface connecting with ISP B, if the link is down, it is out from the interface connecting with ISP A, the users of those two private network segments realize NAT on NE40.

Data deployment
: 10.1.0.0/16 corresponds to the NAT address pool "211.91.220.33 to 211.91.220.46", 192.168.0.0/16 corresponds to the NAT address pool "211.138.224.161 to 211.138.224.174", the IP of NE40 connecting with ISP A is 211.91.220.16/30, the IP of NE40 connecting with ISP B is 211.138.224.80/30

 


  • x
  • convention:

Adamcolob  Visitor   Created Mar 25, 2016 23:15:42 Helpful(0) Helpful(0)

Handling Process

The followings are the configuration cases
configure one flow classification rule based on IP
rule-map intervlan rule1 ip 10.0.0.0 0.0.255.255 any                         
rule-map intervlan rule2 ip 192.168.0.0 0.0.255.255 any

confiugre the NAT address pool
nat address-group liantong 211.91.220.33 211.91.220.46 mask 255.255.255.240 slot 5                                                                       
nat address-group yidong 211.138.224.161 211.138.224.174 mask 255.255.255.240 slot 5

configure NAT policy
nat-policy number 1 ip 211.91.220.18 nat address-group liantong                
nat-policy number 2 ip 211.138.224.82 nat address-group yidong

confiugre NAT policy action                                                    
flow-action liantong nat 1 2
flow-action yidong nat 2 1

configure EACL
associate the flow classification and NAT policy action
eacl nat rule1 liantong
eacl nat rule2 yidong

on the in-interface, enable eacl
interface ethernet 1/0/0
access-group router eacl nat

ip route-static 0.0.0.0 0.0.0.0 211.91.220.18 preference 60
ip route-static 0.0.0.0 0.0.0.0 211.138.224.82 preference 100                   
                    
ip route-static 211.91.220.32 255.255.255.240 NULL 0 preference 60             
ip route-static 211.138.224.160 255.255.255.240 NULL 0 preference 60

Root Cause
The above version of VRP3.10-2222SP01 supports NAT switch and policy route realization simultaneously.

  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top