Can a public address range be added when internal users access a network

7

When internal users access a network, a public address range can be added.

Other related questions:
Configure NAT on the AR router to allow internal hosts to access internal servers using an external IP address
All models of Huawei AR routers in V200R003C01 and later versions allow internal and external users to access internal servers by configuring static NAT. GE1/0/0 on the router connects to the internal network and its IP address is 192.168.1.1/24. GE2/0/0 on the router connects to the external network and its IP address is 11.11.11.1/8. The internal server has an internal IP address 192.168.1.2/24 and an external IP address 11.11.11.6. The internal host at 192.168.1.3/24 wants to access the internal server. The configuration details on the AR router are as follows: 1. Assign IP addresses to interfaces on the router. [Huawei] interface GigabitEthernet1/0/0 [Huawei-GigabitEthernet1/0/0] ip address 192.168.1.1 24 [Huawei-GigabitEthernet1/0/0] quit [Huawei] interface GigabitEthernet2/0/0 [Huawei-GigabitEthernet2/0/0] ip address 11.11.11.1 8 [Huawei-GigabitEthernet2/0/0] quit 2. Configure a default router to ensure interconnection between internal users and the external network. [Huawei] ip route-static 0.0.0.0 0.0.0.0 11.11.11.2 3. Configure internal users to access internal servers. The internal host use 11.11.11.6 to access servers. NAT is implemented through GE1/0/0 and one-to-one NAT is configured on the internal network service only when service requests are initiated from the internal network. [Huawei] acl number 2000 [Huawei-acl-basic-2000] rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 11.11.11.6 0 [Huawei-acl-basic-2000] quit [Huawei] interface GigabitEthernet1/0/0 [Huawei-GigabitEthernet1/0/0] nat static global 11.11.11.6 inside 192.168.1.2 netmask 255.255.255.255 [Huawei-GigabitEthernet1/0/0] nat outbound 2000 [Huawei-GigabitEthernet1/0/0] quit 4. Configure external users to access internal servers to ensure that external users use 11.11.11.6 to access internal servers. [Huawei] interface GigabitEthernet2/0/0 [Huawei-GigabitEthernet2/0/0] nat static global 11.11.11.6 inside 192.168.1.2 netmask 255.255.255.255 [Huawei-GigabitEthernet2/0/0] quit

An internal user cannot access the internal server through the public address
An intranet user cannot use a public address to access an intranet server. Use the following method: 1. Check whether services on the intranet NAT server are running properly. 2. Check whether the NAT server is configured correctly. 3. Check the connection between the external host and NAT server and the configurations of the connected interfaces. 4. Check that the intranet NAT server is configured with the correct gateway address or route.

Configure NAT on the AR to permit Internet access and allow external users to access internal servers
Huawei AR routers support outbound NAT and NAT server to allow the intranet users to access the Internet and external users to access internal servers. The figure on the right page shows the networking diagram. Eth2/0/0 on the router connects to the internal network and its intranet IP address is 192.168.20.1/24. GE3/0/0 on the router connects to the external network and its extranet IP address is 202.169.10.1/24. The internal server has an internal IP address 192.168.20.2/24 and an external IP address 202.169.10.5. The internal host with the IP address 192.168.20.3/24 wants to access the internal server. The configuration details are as follows: 1. Configure IP addresses for interfaces on the router. [Huawei] vlan 100 [Huawei-vlan100] quit [Huawei] interface vlanif 100 [Huawei-Vlanif100] ip address 192.168.20.1 24 [Huawei-Vlanif100] quit [Huawei] interface ethernet 2/0/0 [Huawei-Ethernet2/0/0] port link-type access [Huawei-Ethernet2/0/0] port default vlan 100 [Huawei-Ethernet2/0/0] quit [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] ip address 202.169.10.1 24 [Huawei-GigabitEthernet3/0/0] quit 2. Configure a default route with next-hop address 202.169.10.2 on the router. [Huawei] ip route-static 0.0.0.0 0.0.0.0 202.169.10.2 3. Configure outbound NAT in Easy IP mode to allow internal users to access external networks. [Huawei] acl 2000 [Huawei-acl-basic-2000] rule 5 permit source 192.168.20.0 0.0.0.255 [Huawei-acl-basic-2000] quit [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] nat outbound 2000 4. Configure the NAT server to allow external users to access the internal servers. [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.5 www inside 192.168.20.2 8080 [Huawei-GigabitEthernet3/0/0] quit Note: The command that configures the NAT server function takes effect on Layer 3 interfaces, excluding Loopback and NULL interfaces.

Configure an internal user to access the Internet using a NAT address pool on the AR router
A Huawei AR router allows internal users to access external servers and the Internet using a NAT address pool. The configuration is as follows: 1. Assign IP addresses to interfaces on the router. [Huawei] vlan 100 [Huawei-vlan100] quit [Huawei] interface vlanif 100 [Huawei-Vlanif100] ip address 192.168.20.1 24 [Huawei-Vlanif100] quit [Huawei] interface ethernet 2/0/0 [Huawei-Ethernet2/0/0] port link-type access [Huawei-Ethernet2/0/0] port default vlan 100 [Huawei-Ethernet2/0/0] quit [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] ip address 202.169.10.1 24 [Huawei-GigabitEthernet3/0/0] quit 2. Configure a default route to ensure that the outbound interface has a reachable route to the remote end. [Huawei] ip route-static 0.0.0.0 0.0.0.0 202.169.10.2 3. Configure outbound NAT in address pool mode. [Huawei] nat address-group 1 202.169.10.100 202.169.10.200 [Huawei] acl 2000 [Huawei-acl-basic-2000] rule 5 permit source 192.168.20.0 0.0.0.255 [Huawei-acl-basic-2000] quit [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] nat outbound 2000 address-group 1 no-pat [Huawei-GigabitEthernet3/0/0] quit

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top