Network Extension How to Configure Address Pool Routing

152

The virtual IP address pool can be set to the same network segment as the IP address of the internal network interface. If the virtual IP address pool is not on the same network segment as the IP address of the internal network interface, manually configure the route to the address pool on the device. The outgoing interface is the intranet interface.

Other related questions:
Configuring routes to addresses in the address pool for network extension
The virtual IP address pool and device intranet interface can be set on the same network segment. If the virtual IP address pool and device intranet interface are on different network segments, configure routes to addresses in the address pool and configure the intranet interface of the firewall as the outbound interface of the routes.

How is address pool configured on an AR
When a DHCP server needs to be redeployed, you need to migrate the address pool on the DHCP server to another DHCP server on the live network. To retain the addresses that have been assigned to clients from a global address pool, run the lock command to lock the global address pool. After the lock command is run, the specified IP address pool is locked and IP addresses in this address pool cannot be assigned to clients. When new users get online after the address pool is migrated, they apply for IP addresses from a new address pool. Perform the following configuration: [Huawei] ip pool global1 [Huawei-ip-pool-global1] lock

USG firewall configure SSL VPN network extension
USG Firewall Configure SSL VPN to configure network extensions Network expansion refers to the user on the local PC to install the USG network extension client, generate a virtual network card, the user through the virtual network card and enterprise intranet for SSL data communication. Before the configuration to ensure that the license file has been loaded, the USG can access the internal network resources. Configuration ideas: 1. In the USG to create a virtual gateway, external network users through this virtual gateway to access the enterprise network resources. The IP address of the virtual gateway is the public address of the egress. 2. Configure the DNS server address and domain name of the internal network so that users can access the virtual gateway's service through the domain name. 3. Configure the network extension function, assign IP addresses to the external network users and add the intranet resources that the external network users can access. 4. Configure the authentication mode as a certificate challenge (secondary authentication mode: VPNDB) and configure the authentication mode as VPNDB. 5. Add a VPNDB user. VPNDB user name that is the name of the client certificate, VPNDB password is the external network user login virtual gateway need to enter the password. 6. Configure the virtual gateway source IP policy. 7. Install the client certificate for the CA certificate on the PC side where you want to access the virtual gateway.

Configure a DHCP global address pool
Configure a DHCP global address pool on a CE series switch as follows:
<HUAWEI> system-view
[~Huawei] dhcp enable //Enable DHCP globally.
[*Huawei] commit
[~Huawei] ip pool pool1 //Create a global address pool and enter its view.
[*Huawei-ip-pool-pool1] gateway-list 10.1.1.1 //Configure the egress gateway address for the global address pool of a DHCP server.
[*Huawei-ip-pool-pool1] network 10.1.1.0 mask 255.255.255.128 //Configure the range of IP addresses that can be allocated dynamically from a global address pool.
[*Huawei-ip-pool-pool1] dns-list 10.1.1.2 //Configure an IP address for the DNS server used by DHCP clients.
[*Huawei-ip-pool-pool1] excluded-ip-address 10.1.1.2 //Configure an IP address that cannot be automatically allocated from the global address pool.
[*Huawei-ip-pool-pool1] lease day 10 //Configure a lease for the IP address.
[*Huawei-ip-pool-pool1] commit
[~Huawei-ip-pool-pool1] quit

Configure DHCP address pools on S series switch
When functioning as DHCP servers, S series switches (except S1700 switches) support the interface and global address pool configurations. - Interface address pool: The network segment to which the primary IP address of an interface belongs is an interface address pool. The DHCP server allocates IP addresses only on this network segment to clients connected to the interface. - Global address pool: 1. If a switch functioning as the DHCP server is on the same network segment as clients (that is, no DHCP relay agent is configured), the switch allocates IP addresses on the same network segment as the primary IP address of the interface connected to clients. If no primary IP address is configured for the interface or no address pool is on the same network segment as the interface's primary IP address, the clients cannot obtain IP addresses. 2. If a switch functioning as the DHCP server is on a different network segment from a DHCP client (that is, a DHCP relay agent is configured), the DHCP server parses the IP address (primary IP address of the first DHCP relay agent's interface) specified in the giaddr field of a DHCP Request packet, and allocates an IP address on the same network segment as the parsed IP address from an address pool to the client. If no address pool matches the parsed IP addresses, the client cannot obtain an IP address. When configuring address pools, follow the preceding rules to ensure that clients can obtain IP addresses.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top