Configure an internal user to access the network using Easy IP on the AR router

0

A Huawei AR router allows internal users to access external servers using Easy IP. The IP address of GE0/0/1 (outbound interface) on the router is 200.100.1.2/24, and the IP address of Eth0/0/1 is 192.168.0.1/24. The remote IP address of GE0/0/1 is 200.100.1.1/24. Internal users use Easy IP to access the Internet through GE0/0/1. The configuration is as follows:
1. Assign IP addresses to interfaces on the router.
[Huawei] interface ethernet 0/0/1
[Huawei-Ethernet0/0/1] ip address 192.168.0.1 24
[Huawei-Ethernet0/0/1] quit
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] ip address 200.100.1.2 24
[Huawei-GigabitEthernet0/0/1] quit
2. Configure a default route to ensure that the outbound interface has a reachable route to the remote end.
[Huawei] ip route-static 0.0.0.0 0.0.0.0 200.100.1.1
3. Configure NAT on an internal address segment 192.168.0.0/24. Implement NAT on GE0/0/1 in Easy IP mode.
[Huawei] acl number 2000
[Huawei-acl-basic-2000] rule 5 permit source 192.168.0.0 0.0.0.255
[Huawei-acl-basic-2000] quit
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/1] nat outbound 2000
[Huawei-GigabitEthernet0/0/1] quit

Other related questions:
Configure NAT on the AR router to enable external users to access the internal server
The NAT server can be configured on a Huawei AR router to enable external users to access internal servers. A company's network provides the web server for external users. The web server uses internal IP address 192.168.20.2/24 and port 8080. The web server's IP address advertised to external users is 202.169.10.5/24, and external users are on the network segment 202.169.10.2/24. The configuration details are as follows: 1. Assign IP addresses to interfaces on the router. [Huawei] vlan 100 [Huawei-vlan100] quit [Huawei] interface vlanif 100 [Huawei-Vlanif100] ip address 192.168.20.1 24 [Huawei-Vlanif100] quit [Huawei] interface ethernet 2/0/0 [Huawei-Ethernet2/0/0] port link-type access [Huawei-Ethernet2/0/0] port default vlan 100 [Huawei-Ethernet2/0/0] quit [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] ip address 202.169.10.1 24 [Huawei-GigabitEthernet3/0/0] quit 2. Configure a default route on the router and specify the next hop address as 202.169.10.2 [Huawei] ip route-static 0.0.0.0 0.0.0.0 202.169.10.2 3. Configure the NAT server on Gigabitethernet 3/0/0 of the router to allow external users to access internal servers. [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.5 www inside 192.168.20.2 8080 [Huawei-GigabitEthernet3/0/0] quit

Configure NAT on the AR router to allow internal hosts to access internal servers using a domain name
If no intranet DNS servers are used and DNS domain names need to be used to access internal servers on an enterprise network, internal users have to send packets carrying DNS domain names to access a DNS server on a public network. A Huawei AR router allows internal and external users to access internal servers through domain names by configuring the NAT server and DNS mapping. The web server uses internal IP address 192.168.0.100/24 and port 8080. The web server has a public address of 202.10.1.3/24 and domain name of www.TestNat.com. The configuration is as follows: 1. Assign IP addresses to interfaces on the router. [Huawei] interface Ethernet0/0/0 [Huawei-Ethernet0/0/0] ip address 192.168.0.1 24 [Huawei-Ethernet0/0/0] quit [Huawei] interface GigabitEthernet2/0/0 [Huawei-GigabitEthernet2/0/0] ip address 202.10.1.2 24 [Huawei-GigabitEthernet2/0/0] quit 2. Configure a default route and specify the next hop address as 202.10.1.1. [Huawei] ip route-static 0.0.0.0 0.0.0.0 202.10.1.1 3. Configure the NAT server and outbound NAT in Easy IP mode on GE2/0/0. [Huawei] acl number 2000 [Huawei-acl-basic-2000] rule 5 permit source 192.168.0.0 0.0.0.255 [Huawei-acl-basic-2000] quit [Huawei] interface GigabitEthernet2/0/0 [Huawei-GigabitEthernet2/0/0] nat server protocol tcp global 202.10.1.3 www inside 192.168.0.100 8080 [Huawei-GigabitEthernet2/0/0] nat outbound 2000 [Huawei-GigabitEthernet2/0/0] quit 4. Enable NAT ALG for DNS and DNS mapping. [Huawei] nat alg dns enable [Huawei] nat dns-map www.testnat.com 202.10.1.3 80 tcp [Huawei] quit

Configure an internal user to access the Internet using a NAT address pool on the AR router
A Huawei AR router allows internal users to access external servers and the Internet using a NAT address pool. The configuration is as follows: 1. Assign IP addresses to interfaces on the router. [Huawei] vlan 100 [Huawei-vlan100] quit [Huawei] interface vlanif 100 [Huawei-Vlanif100] ip address 192.168.20.1 24 [Huawei-Vlanif100] quit [Huawei] interface ethernet 2/0/0 [Huawei-Ethernet2/0/0] port link-type access [Huawei-Ethernet2/0/0] port default vlan 100 [Huawei-Ethernet2/0/0] quit [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] ip address 202.169.10.1 24 [Huawei-GigabitEthernet3/0/0] quit 2. Configure a default route to ensure that the outbound interface has a reachable route to the remote end. [Huawei] ip route-static 0.0.0.0 0.0.0.0 202.169.10.2 3. Configure outbound NAT in address pool mode. [Huawei] nat address-group 1 202.169.10.100 202.169.10.200 [Huawei] acl 2000 [Huawei-acl-basic-2000] rule 5 permit source 192.168.20.0 0.0.0.255 [Huawei-acl-basic-2000] quit [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] nat outbound 2000 address-group 1 no-pat [Huawei-GigabitEthernet3/0/0] quit

How do I configure the AR router to map multiple internal IP addresses to external IP addresses using Easy IP
A Huawei AR router can use Easy IP to implement mapping between internal IP addresses and public IP addresses. Internal users access the Internet by performing Easy IP on GE0/0/1.The configuration is as follows: 1.Configure an ACL rule and configure NAT on the internal network address segment 192.168.0.0/24 . [Huawei] acl 2000 [Huawei-acl-basic-2000] rule 5 permit source 192.168.0.0 0.0.0.255 [Huawei-acl-basic-2000] quit 2. Assign IP addresses to interfaces on the router. [Huawei] interface ethernet0/0/1 [Huawei-Ethernet0/0/1] ip address 192.168.0.1 24 [Huawei-Ethernet0/0/1] quit [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] ip address 200.100.1.2 24 [Huawei-GigabitEthernet3/0/0] quit 3. Configure outbound NAT in Easy IP mode on the outbound interface. [Huawei] interface gigabitethernet 0/0/1 [Huawei-GigabitEthernet0/0/1] nat outbound 2000 [Huawei-GigabitEthernet0/0/1] quit

Configure NAT on the AR router to allow internal hosts to access internal servers using an external IP address
All models of Huawei AR routers in V200R003C01 and later versions allow internal and external users to access internal servers by configuring static NAT. GE1/0/0 on the router connects to the internal network and its IP address is 192.168.1.1/24. GE2/0/0 on the router connects to the external network and its IP address is 11.11.11.1/8. The internal server has an internal IP address 192.168.1.2/24 and an external IP address 11.11.11.6. The internal host at 192.168.1.3/24 wants to access the internal server. The configuration details on the AR router are as follows: 1. Assign IP addresses to interfaces on the router. [Huawei] interface GigabitEthernet1/0/0 [Huawei-GigabitEthernet1/0/0] ip address 192.168.1.1 24 [Huawei-GigabitEthernet1/0/0] quit [Huawei] interface GigabitEthernet2/0/0 [Huawei-GigabitEthernet2/0/0] ip address 11.11.11.1 8 [Huawei-GigabitEthernet2/0/0] quit 2. Configure a default router to ensure interconnection between internal users and the external network. [Huawei] ip route-static 0.0.0.0 0.0.0.0 11.11.11.2 3. Configure internal users to access internal servers. The internal host use 11.11.11.6 to access servers. NAT is implemented through GE1/0/0 and one-to-one NAT is configured on the internal network service only when service requests are initiated from the internal network. [Huawei] acl number 2000 [Huawei-acl-basic-2000] rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 11.11.11.6 0 [Huawei-acl-basic-2000] quit [Huawei] interface GigabitEthernet1/0/0 [Huawei-GigabitEthernet1/0/0] nat static global 11.11.11.6 inside 192.168.1.2 netmask 255.255.255.255 [Huawei-GigabitEthernet1/0/0] nat outbound 2000 [Huawei-GigabitEthernet1/0/0] quit 4. Configure external users to access internal servers to ensure that external users use 11.11.11.6 to access internal servers. [Huawei] interface GigabitEthernet2/0/0 [Huawei-GigabitEthernet2/0/0] nat static global 11.11.11.6 inside 192.168.1.2 netmask 255.255.255.255 [Huawei-GigabitEthernet2/0/0] quit

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top