
NAT with dynamic routing on AR series routers

Created: May 14, 2020 07:20:12
Latest reply: May 14, 2020 08:18:47
  Rewarded HiCoins: 0 (problem resolved)

Hi, All!

I have an AR6280 connected to ISP via BGP.

On outbound interface I have /30 for BGP P2P so I can't use it as an outbound ip address for NAT.

Natively I should use some ip address from one of the networks that I announce to my ISP via BGP.

I read all documentation about NAT on AR series routers but haven't found any mention of such kind of configuration that supports usage of an outbound ip address from loopback interface for example. I really can't use ip address from outbound interface.

Do Huawei routers support this kind of configuration at all? If they do, please, provide some documentation where it is mentioned.

Best regards, Alex.

Featured Answers

Recommended answer

jason_hu
Admin Created May 14, 2020 07:30:09

Hello,
You can use the port address, but not the loopback address, as the outbound interface address when configuring the NAT outbound interface address.

Glad to help you! Any further questions, let us know.



All Answers


Example for Configuring NAT Static and Outbound NAT to Implement Communication Between Public Network Users and Servers
Applicability
This example applies to all versions and AR routers.

Networking Requirements
As shown in Figure 3-6, an FTP server is deployed on the Internet and the router functions as the enterprise egress gateway. To ensure security, the enterprise requires that service traffic between public network users and FTP server be forwarded through the router and IP addresses of the public network user and server are not detected.

Figure 3-6 Networking for configuring NAT static and outbound NAT to implement communication between public network users and servers


Procedure:

  1. Configure the router.


    #
     sysname Router
    #                                                                               
    acl number 2000                                                                 
     rule 5 permit source any                                     
    #                                                                               
    interface GigabitEthernet1/0/0                                                  
     ip address 2.2.2.1 255.255.255.0                                            
     nat outbound 2000  //Configure outbound NAT and map the actual IP address of the user to the IP address of GE1/0/0.                    
    #                                                                               
    interface GigabitEthernet2/0/0                                                  
     ip address 1.1.1.1 255.255.255.0                                            
     nat static global current-interface inside 2.2.2.2  //Configure NAT static and map the actual IP address of the FTP server to the IP address of GE2/0/0.      
    #                                                                               
    return

  2. Verify the configuration.


# Run the display nat outbound command on the router.

<Router> display nat outbound
 NAT Outbound Information:
 -----------------------------------------------------------------
 Interface                     Acl      Address-group/IP/Interface      Type
 GigabitEthernet1/0/0        2000                     2.2.2.1      easyip     
 --------------------------------------------------------------------------     
  Total : 1

# Run the display nat static command on the router.

<Router> display nat static
  Static Nat Information:                                                       
  Interface  : GigabitEthernet0/0/0                                             
    Global IP/Port     : current-interface/---- (Real IP : 1.1.1.1)      
    Inside IP/Port     : 2.2.2.2/----                                        
    Protocol : ----                                                             
    VPN instance-name  : ----                                                   
    Acl number         : ----                                                   
    Vrrp id            : ----                                                   
    Netmask  : 255.255.255.255                                                  
    Description : ----                                                          
                                                                                
  Total :    1


https://support.huawei.com/enterprise/en/doc/EDOC1100098908/99f06e78/example-for-configuring-nat-static-and-outbound-nat-to-implement-communication-between-public-network-users-and-servers

https://support.huawei.com/enterprise/en/doc/EDOC1000177797/ee01cd2a/example-for-configuring-dynamic-nat
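
The setup the question describes, as an added sketch that is not from the thread or from Huawei's documentation: outbound NAT drawing on an address pool inside a BGP-announced prefix, using the `nat address-group` form from the dynamic NAT example linked above. All addresses (documentation ranges), AS numbers and the inside subnet are assumptions, and the `//` notes are annotations in the style of the example above, not CLI input.

```text
#
acl number 2000
 rule 5 permit source 192.168.0.0 0.0.0.255  //Assumed inside subnet; narrower than "permit source any", so only known hosts are translated.
#
nat address-group 1 203.0.113.10 203.0.113.13  //Pool taken from the announced prefix (assumed 203.0.113.0/24), not from the /30.
#
interface GigabitEthernet1/0/0
 ip address 198.51.100.2 255.255.255.252  //Assumed /30 P2P link to the ISP; carries the BGP session only.
 nat outbound 2000 address-group 1  //Translate to the pool instead of the interface address (no Easy IP).
#
ip route-static 203.0.113.0 255.255.255.0 NULL0  //Assumed way to originate the prefix; also drops traffic to pool addresses that have no NAT session.
#
bgp 65001
 peer 198.51.100.1 as-number 65000
 #
 ipv4-family unicast
  network 203.0.113.0 255.255.255.0  //Announce the prefix that contains the NAT pool.
  peer 198.51.100.1 enable
#
return
```

After applying it, `display nat outbound` (whose Address-group/IP/Interface column appears in the output above) is the command to confirm which translated address the interface uses.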



Posted by Unicef at 2020-05-14 07:37 Example for Configuring NAT Static and Outbound NAT to Implement Communication Between Public Networ ...
As I described in my first message, I can't use this configuration:

    interface GigabitEthernet1/0/0
     ip address 2.2.2.1 255.255.255.0
     nat outbound 2000

There is only an IP address for P2P with the ISP. Usually ISPs block traffic from P2P except its BGP messages.
I asked about documentation or configuration where I can use an IP address on a loopback or other kind of virtual interface as an outbound address for NAT.

Unicef Created May 14, 2020 08:24:03
Hi user, I have provided the link and related links :)

Hi @Kolesa

I got your problem. Your problem will be solved if you use a loopback interface as the BGP peer instead of the phy interface IP address.

In order to use the loopback interface you have to run the command below:

    peer 10.1.1.1 connect-interface loopback 32

Also, I attached the link below where you can find an explanation.


https://support.huawei.com/hedex/hdx.do?lib=EDOC1100007341NEH0305P&docid=EDOC1100007341&lang=en&v=09&tocLib=EDOC1100007341NEH0305P&tocV=09&id=dc_cfg_bgp_0006&tocURL=resources/dc/dc_cfg_bgp_0006.html&p=t&fe=1&ui=3&keyword=bgp%2Bloopback%2Binterface
