Method used to configure the triplet NAT on the USG9000

On the USG9000, you can configure the triplet NAT function to enable private network users to access the Internet.
The configuration method is as follows:
1. Configure the interface IP address, security zones, and basic network parameters.
2. Configure the security policies to allow addresses in the specified network segment of the private network to communicate with the Internet.
3. Configure the NAT address pool.
4. Configure the source NAT policy to enable the firewall to automatically translate source addresses in the specified network segment of the private network upon access to the Internet.
5. Configure a default route for the firewall, so that the firewall can forward private network traffic to the router of the ISP.
6. Configure a default gateway for the private network host, so that traffic generated for accessing the Internet is forwarded to the firewall.
7. Configure a static route for the router, so that traffic returned from the Internet can be forwarded to the firewall.
For details about the configuration, see the CLI Examples: Private Network User Accessing the Internet Using the Triplet NAT in the product documentation.
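
The translation behaviour that steps 3 and 4 set up, as an added Python model that is not Huawei code and not part of the original page. It assumes triplet NAT keys each mapping only on protocol, private IP address and private port, and contrasts that with a 5-tuple lookup; the class name, addresses and port range are constructed for illustration.

```python
import ipaddress

class TripletNat:
    """Toy model: a mapping is keyed only on (protocol, private IP, private port)."""

    def __init__(self, private_net, pool, first_port=2048):
        self.private_net = ipaddress.ip_network(private_net)  # segment matched by the source NAT policy
        self.pool = list(pool)            # public addresses in the NAT address pool
        self.first_port = first_port      # assumed start of the translated port range
        self.forward = {}                 # (proto, priv_ip, priv_port) -> (pub_ip, pub_port)
        self.reverse = {}                 # (proto, pub_ip, pub_port) -> (priv_ip, priv_port)
        self.peers = set()                # (proto, pub_ip, pub_port, remote_ip, remote_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        if ipaddress.ip_address(src_ip) not in self.private_net:
            return None                   # policy does not match: no translation
        key = (proto, src_ip, src_port)
        if key not in self.forward:
            n = len(self.forward)
            pub = (self.pool[n % len(self.pool)], self.first_port + n // len(self.pool))
            if pub[1] > 65535:
                raise RuntimeError("address pool exhausted")
            self.forward[key] = pub
            self.reverse[(proto, *pub)] = (src_ip, src_port)
        pub = self.forward[key]
        self.peers.add((proto, *pub, dst_ip, dst_port))
        return pub

    def inbound(self, proto, remote_ip, remote_port, dst_ip, dst_port, five_tuple=False):
        """Translate a packet arriving from the Internet; None means it is dropped."""
        if five_tuple and (proto, dst_ip, dst_port, remote_ip, remote_port) not in self.peers:
            return None                   # 5-tuple lookup: only a contacted peer matches
        return self.reverse.get((proto, dst_ip, dst_port))

    def exposed(self):
        """Private endpoints reachable through a live mapping, for review."""
        return sorted(self.reverse.items())

def demo():
    nat = TripletNat("10.1.1.0/24", ["198.51.100.10"])        # constructed addresses
    first = nat.outbound("udp", "10.1.1.5", 5000, "203.0.113.7", 3478)
    second = nat.outbound("udp", "10.1.1.5", 5000, "203.0.113.99", 4000)
    stranger = ("udp", "192.0.2.50", 40000, *first)           # remote host never contacted
    return first, second, nat.inbound(*stranger), nat.inbound(*stranger, five_tuple=True)
```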

Other related questions:
Configuring traffic policies for the USG9000
Traffic policy configuration for the USG9000: Configure priority re-marking based on multi-field (MF) classification. The following is an example of configuring priority re-marking based on MF classification.

Configuration procedure:
1. Configure an access control list (ACL).
2. Configure traffic classes.
3. Configure traffic actions.
4. Configure traffic policies based on traffic classes and actions.
5. Apply traffic policies.

Configuration example:
The USG9000 functions as the gateway on the internal network for accessing the Internet.
(3)(4)Internal network----(1)USG9000(2)---Internet
(1) GE interface 1/0/0: 1.1.1.1/24
(2) GE interface 2/0/0: 2.1.1.1/24
(3) Server: 1.1.1.3
(4) PC: 1.1.1.4

On the USG9000, apply the following priority re-marking policies for packets received by GE interface 1/0/0 from the server and PC:
Re-mark the differentiated services code point (DSCP) priority of packets sent from the server to AF43 (38).
Re-mark the DSCP priority of packets sent from the PC to CS5 (40).

Procedure:
1. Perform basic configuration. Specifically, configure interface IP addresses, add interfaces to zones, and configure inter-zone filtering policies.
2. Configure ACL rules for packets sent from the server and PC.
[USG9000] acl number 2001
[USG9000-acl-basic-2001] rule permit source 1.1.1.3 0.0.0.0
[USG9000-acl-basic-2001] quit
[USG9000] acl number 2002
[USG9000-acl-basic-2002] rule permit source 1.1.1.4 0.0.0.0
[USG9000-acl-basic-2002] quit
3. Define traffic classes.
[USG9000] traffic classifier class1
[USG9000-classifier-class1] if-match acl 2001
[USG9000-classifier-class1] quit
[USG9000] traffic classifier class2
[USG9000-classifier-class2] if-match acl 2002
[USG9000-classifier-class2] quit
4. Define traffic actions.
[USG9000] traffic behavior behavior1
[USG9000-behavior-behavior1] remark dscp af43
[USG9000-behavior-behavior1] quit
[USG9000] traffic behavior behavior2
[USG9000-behavior-behavior2] remark dscp cs5
[USG9000-behavior-behavior2] quit
5. Define traffic policies.
[USG9000] traffic policy policy1
[USG9000-trafficpolicy-policy1] classifier class1 behavior behavior1
[USG9000-trafficpolicy-policy1] classifier class2 behavior behavior2
[USG9000-trafficpolicy-policy1] quit
6. Apply traffic policies.
[USG9000] interface GigabitEthernet 1/0/0
[USG9000-GigabitEthernet1/0/0] traffic-policy policy1 inbound
[USG9000-GigabitEthernet1/0/0] quit

NAT on the USG9000 series
NAT is a type of address translation technology that converts the address in an IPv4 packet header into another address. Generally, the NAT technology is used to convert private addresses in IPv4 packet headers into public addresses so that users on the private network can access the Internet concurrently by using a few public addresses. The NAT technology is usually used to address the issue of public IPv4 address shortage caused by the constant increase in the Internet scale.

Method used to configure static NAT on the AR
Huawei AR routers support static NAT. Use either of the following methods to configure static NAT:

Method 1: Configure static mapping in the interface view.
Translate the combination of the public IP address 202.10.10.1 and port 200 in TCP packets to the combination of the private IP address 10.10.10.1 and port 300.
[Huawei] interface gigabitethernet 1/0/0
[Huawei-GigabitEthernet1/0/0] nat static protocol tcp global 202.10.10.1 200 inside 10.10.10.1 300

Method 2: Configure static mapping in the system view.
Translate the combination of Loopback 4 interface address and port 43 in TCP packets to private address 192.168.2.55.
[Huawei] nat static protocol tcp global interface loopback 4 43 inside 192.168.2.55 netmask 255.255.255.255

For details on the static NAT configuration, see "NAT Configuration->Configuring NAT->Configuring Static NAT" in Configuration Guide - IP Service.
