Professional Documents
Culture Documents
Huawei AR1200 supports the following NAT features: static NAT, port address translation (PAT),
internal server, NAT Application Level Gateway (ALG), NAT filtering, NAT mapping, Easy IP, twice NAT,
and NAT multi-instance.
Static NAT
The number of private addresses is equal to the number of public addresses, so it does not save pull
of public addresses.
PAT
Internal Server
Easy IP
Takes a public IP address of the interface as the source address after NAT is performed.
Twice NAT
Translates both the source and destination addresses. Using in the scenario where IP addresses of
hosts on private and public networks overlap.
NAT multi-instance
Allows users on private networks to access the public network and allows users in different VPNs to
access the public network through the same egress. In addition, users in the VPNs with the same IP
address can access the public network. Supports association between VPNs and NAT server, and
allows users on the public network to access hosts in the VPNs. This function is applicable when IP
addresses of multiple VPNs overlap.
1. Users from LAN 10.0.20.0/24 can access internet using a pull of public addresses.
2. Users from LAN 172.16.10.0/24 can access internet using a public IP of WAN interface.
3. Users from internet can access internal FTP server 192.168.1.10.
Configure IP addresses and default routing based on the above topology:
labnario
#
interface Vlanif100
ip address 10.0.20.2 255.255.255.0
#
interface Vlanif200
ip address 172.16.10.2 255.255.255.0
#
interface Ethernet0/0/0
portswitch
port link-type access
port default vlan 100
#
interface Ethernet0/0/1
portswitch
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/0
ip address 201.120.4.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 201.120.4.2
internet
#
interface GigabitEthernet0/0/0
ip address 201.120.4.2 255.255.255.0
Configure outbound NAT on labnario router for hosts in both LANs:
No-pat indicates one-to-one NAT, that is, only the IP address is translated and the port number is not
translated.
Configure NAT server on labnario router to let external users to have FTP access to internal FTP
server:
After the NAT ALG function is enabled for an application protocol, packets of the application protocol
can traverse the NAT server. The application protocol cannot work without the NAT ALG function.
Total : 1
Unfortunately, even NAT commands are supported by eNSP simulator, it does not mean that NAT is
supported as a whole. Internal hosts cannot communicate with internet and internal FTP server is not
available for public users as well. But this is what I wanted to show you. You can check this NAT
configuration on real devices. It should work properly.