How do I configure NAT on the AR router to map the intranet VPN


You can configure NAT on the AR router to enable users in different VPNs to access external networks through the same egress. In this situation, users in VPNs where IP addresses overlap can access hosts on external networks simultaneously. Run the nat overlap-address map-index overlappool-startaddress temppool-startaddress pool-length length [ inside-vpn-instance inside-vpn-instance-name ] command to map VPNs of the internal network.

Other related questions:
How do I configure the NAT log output on the AR router
NAT logs are generated when the AR performs address translation. The logs record the source IP address, source port, destination IP address, destination port, and translated source IP address and source port, as well as user actions and timestamp. The configuration is as follows: [Huawei] firewall log session enable //Enables the log function on the firewall. [Huawei] firewall log session nat enable //Enables the NAT session log function. Run the following commands to output logs to the log host or session log host: 1. Configure the device to use channel6 to send information to the log host at [Huawei] info-center enable [Huawei] info-center loghost channel channel6 2. Configure a binary log server whose IP address is and port number is 3456. Set the IP address and port number of the remote device to and 20000 respectively. [Huawei] firewall log binary-log host 3456 source 20000

How do I configure the AR router to map multiple internal IP addresses to external IP addresses using Easy IP
A Huawei AR router can use Easy IP to implement mapping between internal IP addresses and public IP addresses. Internal users access the Internet by performing Easy IP on GE0/0/1.The configuration is as follows: 1.Configure an ACL rule and configure NAT on the internal network address segment . [Huawei] acl 2000 [Huawei-acl-basic-2000] rule 5 permit source [Huawei-acl-basic-2000] quit 2. Assign IP addresses to interfaces on the router. [Huawei] interface ethernet0/0/1 [Huawei-Ethernet0/0/1] ip address 24 [Huawei-Ethernet0/0/1] quit [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] ip address 24 [Huawei-GigabitEthernet3/0/0] quit 3. Configure outbound NAT in Easy IP mode on the outbound interface. [Huawei] interface gigabitethernet 0/0/1 [Huawei-GigabitEthernet0/0/1] nat outbound 2000 [Huawei-GigabitEthernet0/0/1] quit

Configure port mapping on an AR router
Configure port mapping on an AR router. Port mapping is implemented based on ACLs. The application layer protocols that port mapping supports include FTP, DNS, HTTP, SIP, PPTP, and RTSP. Generally, the application layer protocols use well-known ports for communication. Port mapping allows users to define a group of new port numbers for different application layer protocols, reducing the risk of malicious attacks on a service. Port mapping makes senses only when it is used in conjunction with service-sensitive features such as ASPF and NAT. 1. Run the port-mapping { dns | ftp | http | sip | rtsp | pptp } port port-number acl acl-number command in the system view to configure port mapping globally. A protocol can be configured with multiple mapped ports, and a port can be mapped to multiple protocols. The ports must be distinguished based on ACLs. Different mapping relationships are applied to packets matching different ACLs. Actually, port mapping identifies protocols used by packets destined for a specific IP address (for example, WWW server). When trying to match the packets with basic ACL rules, port mapping matches the destination IP addresses in the packets with the source IP addresses defined in the ACL rules. 2. Run the display port-mapping [ dns | ftp | http | rtsp | sip | port port-number | pptp ] command to check the information about port mapping. An example of configuring port mapping is as follows: [Huawei] port-mapping ftp port 2121 acl 2102 //Configure port mapping on a router. [Huawei] display port-mapping ftp //Check the configuration result. For details about configuration of port mapping on AR routers, see the URL: AR router configuration port-mapping .

How do I connect the NAT server on the AR router to two uplinks
A Huawei AR router provides dual egresses of the NAT server. The web server uses internal IP address and port 8080. The IP address of GE2/0/0 (outbound interface) on the router is, and the IP address of GE3/0/0 is The configuration is as follows: 1. Assign IP addresses to interfaces on the router. [Huawei] interface Ethernet0/0/0 [Huawei-Ethernet0/0/0] ip address 24 [Huawei-Ethernet0/0/0] quit [Huawei] interface GigabitEthernet2/0/0 [Huawei-GigabitEthernet2/0/0] ip address 24 [Huawei-GigabitEthernet2/0/0] quit [Huawei] interface GigabitEthernet3/0/0 [Huawei-GigabitEthernet3/0/0] ip address 24 [Huawei-GigabitEthernet3/0/0] quit 2. Configure the NAT server and outbound NAT in Easy IP mode on GE2/0/0 and GE3/0/0. [Huawei] acl number 2000 [Huawei-acl-basic-2000] rule 5 permit source [Huawei-acl-basic-2000] quit [Huawei] interface GigabitEthernet2/0/0 [Huawei-GigabitEthernet2/0/0] nat server protocol tcp global www inside 8080 [Huawei-GigabitEthernet2/0/0] quit [Huawei] interface GigabitEthernet3/0/0 [Huawei-GigabitEthernet3/0/0] nat server protocol tcp global www inside 8080 [Huawei-GigabitEthernet3/0/0] nat outbound 2000 [Huawei-GigabitEthernet3/0/0] quit

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top