How do I configure NAT on the AR router to map the intranet VPN


You can configure NAT on the AR router to enable users in different VPNs to access external networks through the same egress. In this situation, users in VPNs where IP addresses overlap can access hosts on external networks simultaneously. To map VPNs of the internal network, run the following command:

    nat overlap-address map-index overlappool-startaddress temppool-startaddress pool-length length [ inside-vpn-instance inside-vpn-instance-name ]

Other related questions:
How do I configure the NAT log output on the AR router
NAT logs are generated when the AR performs address translation. The logs record the source IP address, source port, destination IP address, destination port, and translated source IP address and source port, as well as user actions and timestamp. The configuration is as follows:

    [Huawei] firewall log session enable //Enables the log function on the firewall.
    [Huawei] firewall log session nat enable //Enables the NAT session log function.

Run the following commands to output logs to the log host or session log host:

1. Configure the device to use channel6 to send information to the log host at 10.1.1.1.

    [Huawei] info-center enable
    [Huawei] info-center loghost 10.1.1.1 channel channel6

2. Configure a binary log server whose IP address is 10.10.10.1 and port number is 3456. Set the IP address and port number of the remote device to 10.10.10.2 and 20000 respectively.

    [Huawei] firewall log binary-log host 10.10.10.1 3456 source 10.10.10.2 20000

How do I configure the AR router to map multiple internal IP addresses to external IP addresses using Easy IP
A Huawei AR router can use Easy IP to implement mapping between internal IP addresses and public IP addresses. Internal users access the Internet by performing Easy IP on GE0/0/1. The configuration is as follows:

1. Configure an ACL rule and configure NAT on the internal network address segment 192.168.0.0/24.

    [Huawei] acl 2000
    [Huawei-acl-basic-2000] rule 5 permit source 192.168.0.0 0.0.0.255
    [Huawei-acl-basic-2000] quit

2. Assign IP addresses to interfaces on the router.

    [Huawei] interface ethernet0/0/1
    [Huawei-Ethernet0/0/1] ip address 192.168.0.1 24
    [Huawei-Ethernet0/0/1] quit
    [Huawei] interface gigabitethernet 3/0/0
    [Huawei-GigabitEthernet3/0/0] ip address 200.100.1.2 24
    [Huawei-GigabitEthernet3/0/0] quit

3. Configure outbound NAT in Easy IP mode on the outbound interface.

    [Huawei] interface gigabitethernet 0/0/1
    [Huawei-GigabitEthernet0/0/1] nat outbound 2000
    [Huawei-GigabitEthernet0/0/1] quit

Configure port mapping on an AR router
Port mapping is implemented based on ACLs. The application layer protocols that port mapping supports include FTP, DNS, HTTP, SIP, PPTP, and RTSP. Generally, the application layer protocols use well-known ports for communication. Port mapping allows users to define a group of new port numbers for different application layer protocols, reducing the risk of malicious attacks on a service. Port mapping makes sense only when it is used in conjunction with service-sensitive features such as ASPF and NAT.

1. Run the following command in the system view to configure port mapping globally:

    port-mapping { dns | ftp | http | sip | rtsp | pptp } port port-number acl acl-number

A protocol can be configured with multiple mapped ports, and a port can be mapped to multiple protocols. The ports must be distinguished based on ACLs: different mapping relationships are applied to packets matching different ACLs. In effect, port mapping identifies the protocols used by packets destined for a specific IP address (for example, a WWW server). When matching packets against basic ACL rules, port mapping compares the destination IP addresses in the packets with the source IP addresses defined in the ACL rules.

2. Run the following command to check the information about port mapping:

    display port-mapping [ dns | ftp | http | rtsp | sip | port port-number | pptp ]

An example of configuring port mapping is as follows:

    [Huawei] port-mapping ftp port 2121 acl 2102 //Configure port mapping on a router.
    [Huawei] display port-mapping ftp //Check the configuration result.

For details about configuring port mapping on AR routers, see: AR router configuration port-mapping.
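The ACL-based lookup described above can be modelled offline to audit which protocol a given destination and port would be treated as. This is an added example, not Huawei code: the ACL rules, server addresses, the second mapping (ACL 2103) and the first-match evaluation model are assumptions, since the page only shows `port-mapping ftp port 2121 acl 2102`.

```python
import ipaddress

# Constructed sample data. The page's example maps FTP to port 2121 under ACL 2102
# but does not show that ACL's rules; the rules and addresses here are assumptions.
ACLS = {
    2102: [("permit", "10.1.1.0", "0.0.0.255")],
    2103: [("deny", "10.2.2.5", "0.0.0.0"),
           ("permit", "10.2.2.0", "0.0.0.255")],
}
# (protocol, mapped port, ACL number), e.g. "port-mapping ftp port 2121 acl 2102".
PORT_MAPPINGS = [("ftp", 2121, 2102), ("http", 2121, 2103)]
# Well-known ports of the protocols the page lists.
WELL_KNOWN = {21: "ftp", 53: "dns", 80: "http", 554: "rtsp", 1723: "pptp", 5060: "sip"}


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit that is 0 in the wildcard mask."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0


def acl_permits(acl_number, dst_ip):
    """Compare the packet's destination IP with each rule's source field.

    Assumed model: rules are checked in order and the first match decides;
    a deny match or no match means the mapping is not applied.
    """
    for action, base, wildcard in ACLS.get(acl_number, []):
        if wildcard_match(dst_ip, base, wildcard):
            return action == "permit"
    return False


def identify_protocol(dst_ip, dst_port):
    """Return the protocol a service-aware feature would assume, or None."""
    for proto, port, acl in PORT_MAPPINGS:
        if port == dst_port and acl_permits(acl, dst_ip):
            return proto
    return WELL_KNOWN.get(dst_port)


if __name__ == "__main__":
    for ip, port in [("10.1.1.20", 2121), ("10.2.2.8", 2121),
                     ("10.2.2.5", 2121), ("192.0.2.1", 2121), ("10.1.1.20", 21)]:
        print(ip, port, "->", identify_protocol(ip, port))
```

The same port 2121 resolves to FTP or HTTP depending on which ACL the destination matches, which is why overlapping ACL ranges for one port are worth reviewing before deployment.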

How do I connect the NAT server on the AR router to two uplinks
A Huawei AR router provides dual egresses of the NAT server. The web server uses internal IP address 192.168.0.100/24 and port 8080. The IP address of GE2/0/0 (outbound interface) on the router is 202.10.1.2/24, and the IP address of GE3/0/0 is 201.10.1.2/24. The configuration is as follows:

1. Assign IP addresses to interfaces on the router.

    [Huawei] interface Ethernet0/0/0
    [Huawei-Ethernet0/0/0] ip address 192.168.0.1 24
    [Huawei-Ethernet0/0/0] quit
    [Huawei] interface GigabitEthernet2/0/0
    [Huawei-GigabitEthernet2/0/0] ip address 202.10.1.2 24
    [Huawei-GigabitEthernet2/0/0] quit
    [Huawei] interface GigabitEthernet3/0/0
    [Huawei-GigabitEthernet3/0/0] ip address 201.10.1.2 24
    [Huawei-GigabitEthernet3/0/0] quit

2. Configure the NAT server and outbound NAT in Easy IP mode on GE2/0/0 and GE3/0/0.

    [Huawei] acl number 2000
    [Huawei-acl-basic-2000] rule 5 permit source 192.168.0.0 0.0.0.255
    [Huawei-acl-basic-2000] quit
    [Huawei] interface GigabitEthernet2/0/0
    [Huawei-GigabitEthernet2/0/0] nat server protocol tcp global 202.10.1.3 www inside 192.168.0.100 8080
    [Huawei-GigabitEthernet2/0/0] quit
    [Huawei] interface GigabitEthernet3/0/0
    [Huawei-GigabitEthernet3/0/0] nat server protocol tcp global 201.10.1.3 www inside 192.168.0.100 8080
    [Huawei-GigabitEthernet3/0/0] nat outbound 2000
    [Huawei-GigabitEthernet3/0/0] quit
