Method used to configure IPSec on the AR where NAT and OSPF are deployed


Huawei AR routers support IPSec tunnels in networking where NAT and OSPF are deployed. For details, see "Example for Configuring GRE Over IPSec to Implement Communication Between the Branches and Headquarters and NAT to Implement Communication Between Branches (Running OSPF)" of "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples.

Other related questions:
Deployment locations of IS-IS and OSPF on a network
IS-IS is deployed on backbone networks and OSPF is deployed on MANs. OSPF is more suitable for MAN services in terms of the protocol itself. OSPF VPN extension can prevent loops on VPNs by default. You can also configure OSPF VPN extension not to prevent loops on VPNs. In this case, you can configure MCE for route isolation

Method used to configure static NAT on the AR
Huawei AR routers support static NAT. Use either of the following methods to configure static NAT: Method 1: Configure static mapping in the interface view. Translate the combination of the public IP address and port 200 in TCP packets to the combination of the private IP address and port 300. [Huawei] interface gigabitethernet 1/0/0 [Huawei-GigabitEthernet1/0/0] nat static protocol tcp global 200 inside 300 Method 2: Configure static mapping in the system view. Translate the combination of Loopback 4 interface address and port 43 in TCP packets to private address [Huawei] nat static protocol tcp global interface loopback 4 43 inside netmask For details on the static NAT configuration, see "NAT Configuration->Configuring NAT->Configuring Static NAT" in Configuration Guide - IP Service.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top