
NAT on Huawei NE 8000

Created: Jun 30, 2021 10:31:56 | Latest reply: Jul 2, 2021 09:31:15
  HiCoins as reward: 0 (problem unresolved)

Hello all!

I'm trying to configure NAT on a Huawei NE 8000 using this manual https://support.huawei.com/enterprise/en/doc/EDOC1100058918/239afdb7/example-for-configuring-easy-ip-for-nat , but it does not work for me :(


My config:
#
nat instance NAT1 id 1 simple-configuration
#
nat address-group NAT1 group-id 1 unnumbered interface GigabitEthernet0/4/4
#
nat server global 198.168.222.10 inside 198.168.4.128
#
#
acl name NAT1 advance
 rule 5 permit ip source 198.168.222.10 0
#
interface GigabitEthernet0/4/4
 description Outbound
 undo shutdown
 ip address 198.168.253.165 255.255.255.252
 trust upstream default
 ospf authentication-mode md5 1 cipher
 ospf network-type p2p
 ospf bfd enable
 ospf bfd min-tx-interval 1000 min-rx-interval 1000
 ip netstream inbound
 ip netstream outbound
 undo dcn
 nat bind acl name NAT1 instance NAT1 precedence 0
#


I need the IP address 198.168.222.10 to replace 198.168.4.128. In the shell I see the following:


[~RT-1-1]di nat server-map
This operation will take a few minutes. Press 'Ctrl+C' to break ...
Slot: 7
Total number:  2.
  NAT Instance: NAT1
  Protocol:ANY, VPN:--->-
  Server reverse:ANY->198.168.4.128[198.168.222.10]
  Tag:0x0, TTL:-, Left-Time:-
  CPE IP:198.168.222.10
  extendable: false
  NAT Instance: NAT1
  Protocol:ANY, VPN:--->-
  Server:198.168.222.10[198.168.4.128]->ANY
  Tag:0x0, TTL:-, Left-Time:-
  CPE IP:198.168.222.10
  extendable: false
[~RT-1-1]di nat user-information
This operation will take a few minutes. Press 'Ctrl+C' to break ...
Slot: 7
Total number:  1.
  ---------------------------------------------------------------------------
  CPE IP                                :  198.168.222.10
  VPN Instance                          :  -
  Public IP                             :  198.168.253.165
  NoPAT Public IP                       :  -
  Total/TCP/UDP/ICMP Session Limit      :  8192/10240/10240/512
  Total/TCP/UDP/ICMP Session Current    :  2/0/1/1
  Nat ALG Enable                        :  NULL
  ---------------------------------------------------------------------------
[~RT-1-1]di nat session table
This operation will take a few minutes. Press 'Ctrl+C' to break ...
Slot: 7
Current total sessions: 4.
  icmp: 198.168.222.10:512[10.17.4.128:512]-->198.168.30.28:2048
  udp: 198.168.222.10:1044[10.17.4.128:1044]-->198.168.3.8:53
  udp: 198.168.222.10:1439[10.17.4.128:1439]-->198.168.3.8:53
  udp: 198.168.222.10:137[10.17.4.128:137]-->198.168.3.8:137


Network 198.168.4.0/24 is routed on another router, located elsewhere. The IP address 198.168.4.128 is not in use by any host.


But I cannot ping the IP address 198.168.4.128. My question is: why?

Featured Answers

Recommended answer

chenhui
Admin Created Jun 30, 2021 11:25:14

Hello,
As the example you provided, the internal IP addresses will be translated to the interface public IP address. In your situation, the internal users' IP address will be translated to 192.168.253.165. And the NAT user-information rectifies that.
As your requirement, you need to configure the NAT in the address pool mode, please refer to the example https://support.huawei.com/enterprise/en/doc/EDOC1100058918/cd949c9b?idPath=24030814|9856750|250987487|22896254|21368250

neo3264 Created Jul 1, 2021 09:46:09
I tried this, but 198.168.4.128 is not pinging..(
chenhui Reply neo3264 Created Jul 1, 2021 10:00:22
I'm sorry, but the 192.168.4.128 is an internal server, and you are trying to ping it from the Internet and get no success. Is that your scenario?
neo3264 Created Jul 1, 2021 10:01:30
Cannot ping even from the router
neo3264 Reply chenhui Created Jul 1, 2021 10:02:18
Yes, cannot ping from the outside network
All Answers
Hello, dear!
It's nice to meet you in the community.
We're working on your problem. Please be patient.

Excuse me, I am also interested: is static routing absolutely necessary for NAT to work if I already have OSPF routing?

chenhui Created Jul 1, 2021 00:43:06
I don't think so, but it's better to discuss that in a specific scenario.
Posted by chenhui at 2021-06-30 11:25 Hello,As the example you provided, the internal IP addresses will be translated to the interface pub ...
Hello,
Please refer to the example below:
[~NATA] service-location 1
[*NATA-service-location-1] location slot 1
[~NATA] service-instance-group group1
[*NATA-service-instance-group-group1] service-location 1
[~NATA] nat instance nat1 id 1
[*NATA-nat-instance-nat1] service-instance-group group1
[*NATA-nat-instance-nat1] nat server global 198.168.222.10 inside 198.168.4.128
[*NATA-nat-instance-nat1] nat server-mode enable

[~NATA] acl name NAT1 advance
[*NATA] rule 5 permit ip source 198.168.222.10 0

[~NATA] interface GigabitEthernet0/4/4
[*NATA-GigabitEthernet0/4/4] nat bind acl name NAT1 instance nat1 precedence 0
[*NATA-GigabitEthernet0/4/4] commit

neo3264 Created Jul 5, 2021 09:47:09
OK.. but my device doesn't understand the command "service-location". If I type service- it shows me service-template and service-security.
neo3264 Created Jul 5, 2021 09:47:46
OK.. but my device doesn't understand the command "service-location". If I type service- it shows me service-template and service-security.
chenhui Reply neo3264 Created Jul 6, 2021 01:02:52
If the device doesn't recognize that command, just ignore that, and go through the remaining steps.
