Ejemplo de configuración NAT para una dirección IP pública en una instancia de VPN

Ejemplo de configuración NAT para una dirección IP pública en una instancia de VPN

#

ip vpn-instance INTERNET

 ipv4-family

  route-distinguisher 100:1

  vpn-target 100:1 export-extcommunity

  vpn-target 100:1 200:1 import-extcommunity

#

ip vpn-instance HSI

 ipv4-family

  route-distinguisher 200:1

  vpn-target 200:1 export-extcommunity

  vpn-target 200:1 100:1 import-extcommunity

#

service-location 1

 location slot 1 engine 0

#

service-instance-group ser_group1

 service-location 1

#

nat instance nat1 id 1

 vpn-nat enable

 service-instance-group ser_group1

 nat address-group group1 group-id 1 101.0.0.0 101.0.0.5 vpn-instance INTERNET

 nat outbound any address-group group1

 nat alg all

#

interface Eth-Trunk0.1

 description To_access_network

 user-vlan 1000 qinq 10

 bas

 #

  access-type layer2-subscriber default-domain authentication huawei

  authentication-method bind

  vpn-instance HSI

 #

#

user-group huawei

#

 domain huawei

  authentication-scheme huawei

  accounting-scheme  huawei

  ip-pool  huawei

  vpn-instance HSI

  user-group huawei bind nat instance nat1

#

acl number 6001

 rule 1 permit ip source user-group huawei

#

traffic classifier c1 operator or

 if-match acl 6001

#

traffic behavior b1

 nat bind instance nat1

#

traffic policy p5

 share-mode

 classifier c1 behavior b1

#

 traffic-policy p1 inbound

#