Ejemplo de configuración NAT para una dirección IP pública en una instancia de VPN
#
ip vpn-instance INTERNET
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 200:1 import-extcommunity
#
ip vpn-instance HSI
ipv4-family
route-distinguisher 200:1
vpn-target 200:1 export-extcommunity
vpn-target 200:1 100:1 import-extcommunity
#
service-location 1
location slot 1 engine 0
#
service-instance-group ser_group1
service-location 1
#
nat instance nat1 id 1
vpn-nat enable
service-instance-group ser_group1
nat address-group group1 group-id 1 101.0.0.0 101.0.0.5 vpn-instance INTERNET
nat outbound any address-group group1
nat alg all
#
interface Eth-Trunk0.1
description To_access_network
user-vlan 1000 qinq 10
bas
#
access-type layer2-subscriber default-domain authentication huawei
authentication-method bind
vpn-instance HSI
#
#
user-group huawei
#
domain huawei
authentication-scheme huawei
accounting-scheme huawei
ip-pool huawei
vpn-instance HSI
user-group huawei bind nat instance nat1
#
acl number 6001
rule 1 permit ip source user-group huawei
#
traffic classifier c1 operator or
if-match acl 6001
#
traffic behavior b1
nat bind instance nat1
#
traffic policy p5
share-mode
classifier c1 behavior b1
#
traffic-policy p1 inbound
#