Got it

Example for Configuring NAT for a Public IP Address in a VPN Instance

Latest reply: Dec 21, 2018 09:31:07 2000 4 10 0 0

Hello everyone,

Today I will share with you the example for configuration NAT for a public IP address in a VPN instance.

#
ip vpn-instance INTERNET
 ipv4-family
  route-distinguisher 100:1
  vpn-target 100:1 export-extcommunity
  vpn-target 100:1 200:1 import-extcommunity
#

#
ip vpn-instance HSI
 ipv4-family
  route-distinguisher 200:1
  vpn-target 200:1 export-extcommunity
  vpn-target 200:1 100:1 import-extcommunity
#

service-location 1
 location slot 1 engine 0
#
service-instance-group ser_group1
 service-location 1

#
nat instance nat1 id 1
 vpn-nat enable
 service-instance-group ser_group1
 nat address-group group1 group-id 1 101.0.0.0 101.0.0.5 vpn-instance INTERNET
 nat outbound any address-group group1
 nat alg all

#

#
interface Eth-Trunk0.1
 description To_access_network
 user-vlan 1000 qinq 10
 bas
 #
  access-type layer2-subscriber default-domain authentication huawei
  authentication-method bind
  vpn-instance HSI
 #
#

user-group huawei

#

 domain huawei
  authentication-scheme huawei
  accounting-scheme  huawei
  ip-pool  huawei
  vpn-instance HSI
  user-group huawei bind nat instance nat1

#

acl number 6001
 rule 1 permit ip source user-group huawei

#

traffic classifier c1 operator or
 if-match acl 6001

#

traffic behavior b1
 nat bind instance nat1

#

traffic policy p5
 share-mode
 classifier c1 behavior b1

#
 traffic-policy p1 inbound
#

That is all I want to share with you! Thank you!

 

  • x
  • convention:

yiyi0519
Created Dec 19, 2018 09:03:02

can you give one topology for this configuration?
View more
  • x
  • convention:

Yolanda_617
Created Dec 21, 2018 01:32:25

Can you provide a more detailed explanation?
View more
  • x
  • convention:

YOO
Created Dec 21, 2018 03:15:05

Good example
View more
  • x
  • convention:

user_2915719
Created Dec 21, 2018 09:31:07

Can we configure the session hold-on time for the NAT?
View more
  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.