Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
ME60-X3---NAT issue

ME60-X3---NAT issue

Latest reply: Dec 31, 2018 15:11:04 1121 9 9 0 0
View the author 1#

【Problem Description】

He need to do nottranslate traffic from Client (100.90.1.123) to server (172.30.2.1) but at thesame time he need to translate traffic from user to internet by external IP.

145853kebsebp1f1zp9e93.jpg

【Solution Description】

For customer’srequirement, we need configure an extra behavior before “classifierafter-auth-tc behavior nat-bind”. So that, it will match the behavior firstwhen access 172.30.2.1 since the traffic policy match order, then will matchthe nat behavior when access internet.

Also, the address172.30.2.1 seems be natted before ME60 which is displayed on the ME60 is185.43.190.x, so I am afraid we should configure the destination address185.43.190.x for the extra behavior.


configure an extra behavior before “classifier after-auth-tc behaviornat-bind

acl number 6003

rule 5 permit ip sourceuser-group after-auth-ug destination ip-address 185.43.190.41 0

#

traffic classifierafter-auth-permit operator or

if-match acl 6003

#

traffic behaviorperm2

#

traffic policy web

undo classifierafter-auth-tc behavior nat-bind  //we need undo it first since the traffic policy match order

classifier after-auth-permit behavior perm2  //add new policy

classifierafter-auth-tc behavior nat-bind


Like (9) Dislike (0) Favorite(0) Share Report
Previous: customer want to know how to set the route preference
Next: CloudEngine 12800 EVN arp-direct route
(0) (0)
2#
yechao99
Created Dec 25, 2018 02:48:07

usually NAT many issue, so it's good for us
View more
  • x
  • convention:
(0) (0)
3#
3li
Created Dec 25, 2018 10:08:26

Thanks you
View more
  • x
  • convention:
(0) (0)
4#
yjhd
Created Dec 26, 2018 02:58:32

rule 5 permit ip sourceuser-group after-auth-ug destination ip-address 185.43.190.41 0
View more
  • x
  • convention:
(0) (0)
5#
Torrent
Created Dec 28, 2018 06:11:57

For customer’srequirement, we need configure an extra behavior before “classifierafter-auth-tc behavior nat-bind”. So that, it will match the behavior firstwhen access 172.30.2.1 since the traffic policy match order, then will matchthe nat behavior when access internet.


Also, the address172.30.2.1 seems be natted before ME60 which is displayed on the ME60 is185.43.190.41, so I am afraid we should configure the destination address185.43.190.41 for the extra behavior.

thanks for sharing
View more
  • x
  • convention:
(0) (0)
6#
Finn92
Created Dec 29, 2018 01:55:17

configure an extra behavior before “classifier after-auth-tc behaviornat-bind”


acl number 6003



rule 5 permit ip sourceuser-group after-auth-ug destination ip-address 185.43.190.41 0



#



traffic classifierafter-auth-permit operator or



if-match acl 6003



#



traffic behaviorperm2



#



traffic policy web



undo classifierafter-auth-tc behavior nat-bind //we need undo it first since the traffic policy match order



classifier after-auth-permit behavior perm2 //add new policy



classifierafter-auth-tc behavior nat-bind

it's very helpful for sovling issue .
View more
  • x
  • convention:
(0) (0)
7#
SupperRobin
Created Dec 29, 2018 03:32:13

the address172.30.2.1 seems be natted before ME60 which is displayed on the ME60 is185.43.190.41, so I am afraid we should configure the destination address185.43.190.41 for the extra behavior.
View more
  • x
  • convention:
(0) (0)
8#
yjhd
Created Dec 29, 2018 05:43:23

For customer’srequirement, we need configure an extra behavior before “classifierafter-auth-tc behavior nat-bind”. So that, it will match the behavior firstwhen access 172.30.2.1 since the traffic policy match order, then will matchthe nat behavior when access internet.



Also, the address172.30.2.1 seems be natted before ME60 which is displayed on the ME60 is185.43.190.41, so I am afraid we should configure the destination address185.43.190.41 for the extra behavior.
View more
  • x
  • convention:
(0) (0)
9#
littlestone
Created Dec 29, 2018 12:13:22

NAT (Network Address Translation) was proposed in 1994. When some hosts inside the private network have already been assigned to local IP addresses (i.e. private addresses used only in the private network)
View more
  • x
  • convention:
(0) (0)
10#
w1
Created Dec 31, 2018 15:11:04

NAT issue for ME60 device, we need pay more attention on the traffic-policy and the rule order, like this case, it show us the typecail NAT issue cased by the traffic-policy, thanks for your sharing
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.