
Huawei AR1200 NAT configuration

A short NAT (Network Address Translation) description based on AR1200 documentation:

Huawei AR1200 supports the following NAT features: static NAT, port address translation (PAT),
internal server, NAT Application Level Gateway (ALG), NAT filtering, NAT mapping, Easy IP, twice NAT,
and NAT multi-instance.

Static NAT

The number of private addresses is equal to the number of public addresses, so it does not conserve
the pool of public addresses.

PAT

Maps a public address to multiple private addresses.

Internal Server

Hosts in the public network can access an internal server.

Easy IP

Takes a public IP address of the interface as the source address after NAT is performed.

Twice NAT

Translates both the source and destination addresses. Used in scenarios where IP addresses of
hosts on private and public networks overlap.

NAT multi-instance

Allows users on private networks to access the public network and allows users in different VPNs to
access the public network through the same egress. In addition, users in the VPNs with the same IP
address can access the public network. Supports association between VPNs and NAT server, and
allows users on the public network to access hosts in the VPNs. This function is applicable when IP
addresses of multiple VPNs overlap.

Let's try to configure NAT based on the below topology:

1. Users from LAN 10.0.20.0/24 can access the internet using a pool of public addresses.
2. Users from LAN 172.16.10.0/24 can access the internet using the public IP of the WAN interface.
3. Users from the internet can access the internal FTP server 192.168.1.10.

Configure IP addresses and default routing based on the above topology:

labnario
#
interface Vlanif100
 ip address 10.0.20.2 255.255.255.0
#
interface Vlanif200
 ip address 172.16.10.2 255.255.255.0
#
interface Ethernet0/0/0
 portswitch
 port link-type access
 port default vlan 100
#
interface Ethernet0/0/1
 portswitch
 port link-type access
 port default vlan 200
#
interface GigabitEthernet0/0/0
 ip address 201.120.4.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 192.168.1.1 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 201.120.4.2

internet
#
interface GigabitEthernet0/0/0
 ip address 201.120.4.2 255.255.255.0

Configure outbound NAT on labnario router for hosts in both LANs:

[labnario]acl number 2000
[labnario-acl-basic-2000]rule 5 permit source 10.0.20.0 0.0.0.255

[labnario]acl number 2500
[labnario-acl-basic-2500]rule 5 permit source 172.16.10.0 0.0.0.255

[labnario]nat address-group 1 201.120.4.100 201.120.4.110

[labnario]interface GigabitEthernet 0/0/0
[labnario-GigabitEthernet0/0/0]nat outbound 2000 address-group 1 no-pat
[labnario-GigabitEthernet0/0/0]nat outbound 2500
[labnario-GigabitEthernet0/0/0]display this
#
interface GigabitEthernet0/0/0
 ip address 201.120.4.1 255.255.255.0
 nat outbound 2000 address-group 1 no-pat
 nat outbound 2500

No-pat indicates one-to-one NAT, that is, only the IP address is translated and the port number is not
translated.

Configure NAT server on the labnario router to give external users FTP access to the internal FTP
server:

[labnario-GigabitEthernet0/0/0]nat server protocol tcp global 201.120.4.10 ftp inside 192.168.1.10 ftp

Enable the NAT ALG function for FTP packets:

[labnario]nat alg ftp enable

[labnario]display nat alg

NAT Application Level Gateway Information:
----------------------------------
  Application            Status
----------------------------------
  dns                    Disabled
  ftp                    Enabled
  rtsp                   Disabled
  sip                    Disabled
----------------------------------

After the NAT ALG function is enabled for an application protocol, packets of the application protocol
can traverse the NAT server. The application protocol cannot work without the NAT ALG function.

Let's check if our NAT is configured properly:

[labnario]display nat outbound

NAT Outbound Information:
--------------------------------------------------------------------------
Interface                 Acl     Address-group/IP/Interface      Type
--------------------------------------------------------------------------
GigabitEthernet0/0/0      2000    1                               no-pat
GigabitEthernet0/0/0      2500    201.120.4.1                     easyip
--------------------------------------------------------------------------
Total : 2

[labnario]dis nat server

Nat Server Information:
Interface         : GigabitEthernet0/0/0
Global IP/Port    : 201.120.4.10/21(ftp)
Inside IP/Port    : 192.168.1.10/21(ftp)
Protocol          : 6(tcp)
VPN instance-name : ----
Acl number        : ----
Description       : ----

Total : 1

Unfortunately, even though NAT commands are supported by the eNSP simulator, it does not mean that NAT is
supported as a whole. Internal hosts cannot communicate with the internet, and the internal FTP server is not
available to public users either. But this is what I wanted to show you. You can check this NAT
configuration on real devices. It should work properly.
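
An offline sanity check for a configuration like the one above, as an added example that is not part of the original post or of any Huawei tool: it parses VRP-style configuration text and flags a NAT server whose inside address is on no directly connected subnet, a cleartext service published to the WAN, and a no-pat address group smaller than the ACL it serves. The function name audit, the check names and the sample text are assumptions made for this illustration, and it assumes contiguous wildcard masks and servers on directly connected subnets.

```python
import ipaddress as ipa

# Constructed sample modelled on the labnario router; inside address mistyped.
SAMPLE = """\
acl number 2000
 rule 5 permit source 10.0.20.0 0.0.0.255
nat address-group 1 201.120.4.100 201.120.4.110
interface GigabitEthernet0/0/0
 ip address 201.120.4.1 255.255.255.0
 nat outbound 2000 address-group 1 no-pat
 nat server protocol tcp global 201.120.4.10 ftp inside 192.16.1.10 ftp
interface GigabitEthernet0/0/1
 ip address 192.168.1.1 255.255.255.0
"""
CLEARTEXT = {"ftp", "21", "telnet", "23"}  # credentials cross the WAN unencrypted

def audit(config):
    """Return sorted (check, detail) findings for a VRP-style config text."""
    nets, acl_hosts, pools, servers, nopat, acl = [], {}, {}, [], [], None
    for w in (line.split() for line in config.splitlines()):
        if w[:2] == ["acl", "number"]:
            acl = w[2]
        elif w[:1] == ["rule"] and "permit" in w and "source" in w:
            i = w.index("source")  # source <address> <wildcard>
            net = ipa.ip_network(f"{w[i + 1]}/{w[i + 2]}")
            acl_hosts[acl] = acl_hosts.get(acl, 0) + max(net.num_addresses - 2, 1)
        elif w[:2] == ["nat", "address-group"]:  # <id> <start> <end>
            pools[w[2]] = int(ipa.ip_address(w[4])) - int(ipa.ip_address(w[3])) + 1
        elif w[:2] == ["ip", "address"]:  # directly connected subnet
            nets.append(ipa.ip_interface(f"{w[2]}/{w[3]}").network)
        elif w[:2] == ["nat", "outbound"] and "no-pat" in w:
            nopat.append((w[2], w[w.index("address-group") + 1]))
        elif w[:2] == ["nat", "server"] and "inside" in w:
            i = w.index("inside")  # inside <address> <port>
            servers.append((ipa.ip_address(w[i + 1]), w[i + 2]))
    findings = []
    for inside, port in servers:
        if not any(inside in n for n in nets):
            findings.append(("inside-not-connected", f"{inside} is on no connected subnet"))
        if port in CLEARTEXT:
            findings.append(("cleartext-exposed", f"{inside}:{port} published to the WAN"))
    for acl_id, group in nopat:  # no-pat needs one public address per active host
        size, hosts = pools.get(group, 0), acl_hosts.get(acl_id, 0)
        if size < hosts:
            findings.append(("pool-too-small", f"group {group}: {size} addresses, {hosts} hosts"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

With the inside address corrected to 192.168.1.10 the first finding disappears, while the FTP exposure and the 11-address no-pat pool for a /24 remain as design points to review.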
