Got it

Easy IP, PAT, NAT Server (Internal Server Access) - NAT Series

Latest reply: Sep 30, 2018 11:30:57 6716 3 0 0 0

Hi there, everyone!


This post is about the easy IP, PAT, NAT Server (Internal Server Access) as part of the NAT Series. Please see more details as you read further down.


BACKGROUND INFORMATION


VPN A and VPN B need to access the Internet; in the lab as above, we only need to ping IP address 202.100.1.2 to test the Internet access. What should we do now?


PROCEDURE


The first step is to configure all IP addresses. The VPN instance is strange to me, so I need to deal with it later. Just forget about it right now.


We can discuss easy IP first. What’s easy IP? Easy IP allows hosts to access the Internet using temporary public address, which is the same as my current Juniper firewall SSG20 using China Telecom EPON PPPoE dialup.


The example seems easy, but if you try to configure it by yourself without reference, it’s still a task. If you want to ping 200.100.1.1 from client1, it’s easy by using routing protocol, but here we have to use NAT.


I configure an ACL rule 2000 to permit 192.168.0.x out and then apply NAT outbound 2000 on GE0/0/1 of Router. After that, I can ping 200.100.1.1.


[Router]display nat outbound

 NAT Outbound Information:

 --------------------------------------------------------------------------

 Interface                     Acl     Address-group/IP/Interface      Type

 --------------------------------------------------------------------------

 GigabitEthernet0/0/1         2000                    200.100.1.2    easyip 

 --------------------------------------------------------------------------


I can see that the type is easyip. The answer has a default route. This kind of mode can only use one public IP address.


So let’s talk about the mode of using several public IP addresses---NAT Pool.


I can’t ping 202.169.10.201. It turns out I've forgotten to configure the IP address for GE 0/0/0. While pinging, I can see the NAT session as below.


[Router]display nat session all

  NAT Session Table Information:

 

     Protocol          : ICMP(1)

     SrcAddr   Vpn     : 192.168.20.2                                  

     DestAddr  Vpn     : 202.169.10.201                                

     Type Code IcmpId  : 0   8   20773

     NAT-Info

       New SrcAddr     : 202.169.10.125

       New DestAddr    : ----

       New IcmpId      : 10256

 

     Protocol          : ICMP(1)

     SrcAddr   Vpn     : 192.168.20.2                                  

     DestAddr  Vpn     : 202.169.10.201                                

     Type Code IcmpId  : 0   8   20772

     NAT-Info

       New SrcAddr     : 202.169.10.125

       New DestAddr    : ----

       New IcmpId      : 10255

 

  Total : 2


We can also see this kind NAT Pool mode’s name is PAT.


[Router]display nat outbound

 NAT Outbound Information:

 --------------------------------------------------------------------------

 Interface                     Acl     Address-group/IP/Interface      Type

 --------------------------------------------------------------------------

 GigabitEthernet0/0/0         2000                              1       pat

 --------------------------------------------------------------------------

  Total : 1


Sometimes, we configure a internal server such as http server and we want outside users to access the server. Here we go.Easy IP, PAT, NAT Server (Internal Server Access) - NAT Series-1315835-1


Error: The address conflicts with the NAT address group IP.

Error: The address conflicts with interface or ARP IP.


So I use nat server protocol tcp global current-interface www inside192.168.20.2 80 and you can see the effort as below.


I have a second choice and prefer to use ftp.


 nat server protocol tcp global current-interface ftp inside 192.168.20.2 21


This time I can access FTP server remotely with success!


In a word:

[Router]display nat server

 

  Nat Server Information:

  Interface  : GigabitEthernet0/0/0

    Global IP/Port     : current-interface/21(ftp) (Real IP : 202.169.10.1)

    Inside IP/Port     : 192.168.20.3/21(ftp)

    Protocol : 6(tcp)  

    VPN instance-name  : ----                           

    Acl number         : ----

    Description : ----

 

    Global IP/Port     : current-interface/80(www) (Real IP : 202.169.10.1)

    Inside IP/Port     : 192.168.20.3/80(www)

    Protocol : 6(tcp)  

    VPN instance-name  : ----                           

    Acl number         : ----

    Description : ----

 

  Total :    2


This would be all on easy IP, PAT, NAT Server (Internal Server Access) as part of the NAT Series. Thanks for reading this post!

This article contains more resources

You need to log in to download or view. No account? Register

x
  • x
  • convention:

user_2790689
Created Dec 27, 2014 09:25:54

Thank you.
View more
  • x
  • convention:

faysalji
Author Created Sep 30, 2018 11:01:14

Thanks mate:)
View more
  • x
  • convention:

Mysterious.color
Created Sep 30, 2018 11:30:57

Thanks for sharing the topology on eNSP
i can open it and see configuration
View more
  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.