
Huawei dynamic NAT configuration

2025-02-23 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--


Test requirements:

1) Translate the internal network 10.1.1.0/24 to the public network addresses 200.1.1.1-200.1.1.10 (to visit Server3), and capture packets for analysis.

2) Verify that dynamic NAT is a one-way translation.

Environment deployment:

PC1:

IP:10.1.1.1 / 24

GW:10.1.1.254 / 24

Client1:

IP:10.1.1.2 / 24

GW:10.1.1.254 / 24

Client2:

IP:100.1.1.1 / 24

GW:100.1.1.254 / 24

Server1:

IP:10.1.1.11 / 24

GW:10.1.1.254 / 24

Server2:

IP:10.1.1.12 / 24

GW:10.1.1.254 / 24

R1:

GE 0/0/0:

IP:10.1.1.254 / 24

GE 0/0/1:

IP:100.1.1.254 / 24

GE 0/0/2:

IP:200.1.1.14 / 28

Configuration steps:

R1:

[R1] acl 2000 # create a basic ACL list numbered 2000

[R1-acl-basic-2000] rule 50 permit source 10.1.1.0 0.0.0.255

# create an entry with serial number 50 to allow (permit) all hosts from the (source) 10.1.1.0 network segment to pass

[R1-acl-basic-2000] q # exit ACL view

[R1] nat address-group 1 200.1.1.1 200.1.1.10

# create NAT address pool (address-group) 1 with the range 200.1.1.1-200.1.1.10

[R1] int g 0/0/2 # enter interface GE 0/0/2

[R1-GigabitEthernet0/0/2] nat outbound 2000 address-group 1 no-pat

# enable dynamic NAT on this interface: traffic leaving through this egress (outbound) whose source address matches ACL 2000 is translated to an address from NAT address pool (address-group) 1; no-pat means only the address is translated, with no port translation.

Result verification:

Note:

According to the experimental requirements, the rightmost device is Server3, but the one-way dynamic NAT cannot be formed after the configuration is completed, so I replaced Server3 with an AR2240, configured the IP address, and then tested the result. Therefore, when verifying the results, if you find that there is no problem with your configuration after repeated troubleshooting, you can consider whether the problem is caused by the simulator and try to replace the device.

# = #

Huawei static NAT configuration

Test requirements:

1) Statically translate the internal addresses 10.1.1.11 and 10.1.1.12 to the public network addresses 200.1.1.11 and 200.1.1.12, so that they can access the public network (Server3) or be accessed from the public network (Server3), and capture packets for analysis.

2) Verify that static NAT is a bidirectional translation.

Environment deployment:

PC1:

IP:10.1.1.1 / 24

GW:10.1.1.254 / 24

Client1:

IP:10.1.1.2 / 24

GW:10.1.1.254 / 24

Client2:

IP:100.1.1.1 / 24

GW:100.1.1.254 / 24

Server1:

IP:10.1.1.11 / 24

GW:10.1.1.254 / 24

Server2:

IP:10.1.1.12 / 24

GW:10.1.1.254 / 24

R1:

GE 0/0/0:

IP:10.1.1.254 / 24

GE 0/0/1:

IP:100.1.1.254 / 24

GE 0/0/2:

IP:200.1.1.14 / 28

Configuration steps:

[R1] int g 0/0/2 # enter interface GE 0/0/2

[R1-GigabitEthernet0/0/2] nat static global 200.1.1.11 inside 10.1.1.11

# configure static NAT: the private address (inside) 10.1.1.11 is translated to the public address (global) 200.1.1.11

[R1-GigabitEthernet0/0/2] nat static global 200.1.1.12 inside 10.1.1.12

# configure static NAT: the private address (inside) 10.1.1.12 is translated to the public address (global) 200.1.1.12

Result verification:

# = #

Huawei NAPT configuration

Test requirements:

The company requires that the internal network 10.1.1.0/24 be translated to the public network address 200.1.1.10/28 to go online (visit Server3).

Environment deployment:

PC1:

IP:10.1.1.1 / 24

GW:10.1.1.254 / 24

Client1:

IP:10.1.1.2 / 24

GW:10.1.1.254 / 24

Client2:

IP:100.1.1.1 / 24

GW:100.1.1.254 / 24

Server1:

IP:10.1.1.11 / 24

GW:10.1.1.254 / 24

Server2:

IP:10.1.1.12 / 24

GW:10.1.1.254 / 24

R1:

GE 0/0/0:

IP:10.1.1.254 / 24

GE 0/0/1:

IP:100.1.1.254 / 24

GE 0/0/2:

IP:200.1.1.14 / 28

Configuration steps:

[R1] acl 2000 # create a basic ACL list numbered 2000

[R1-acl-basic-2000] rule 50 permit source 10.1.1.0 0.0.0.255

# create an entry with serial number 50 to allow (permit) hosts from the (source) 10.1.1.0 network segment to pass

[R1-acl-basic-2000] q # exit ACL view

[R1] nat address-group 1 200.1.1.10 200.1.1.10

# create NAT address pool 1 containing the single IP address 200.1.1.10

[R1] int g 0/0/2 # enter interface GE 0/0/2

[R1-GigabitEthernet0/0/2] nat outbound 2000 address-group 1

# enable NAT: source addresses matched by ACL 2000 are translated using address pool 1; without no-pat, ports are translated as well (NAPT)

Result verification:

# = #

Huawei Easy IP configuration

Experimental requirements:

The external interface of the company's router, G0/0/2, has a dynamic IP address, so the internal network 10.1.1.0/24 must access the Internet (visit Server3) using the address of the external interface G0/0/2.

Environment deployment:

PC1:

IP:10.1.1.1 / 24

GW:10.1.1.254 / 24

Client1:

IP:10.1.1.2 / 24

GW:10.1.1.254 / 24

Client2:

IP:100.1.1.1 / 24

GW:100.1.1.254 / 24

Server1:

IP:10.1.1.11 / 24

GW:10.1.1.254 / 24

Server2:

IP:10.1.1.12 / 24

GW:10.1.1.254 / 24

R1:

GE 0/0/0:

IP:10.1.1.254 / 24

GE 0/0/1:

IP:100.1.1.254 / 24

GE 0/0/2:

IP:200.1.1.14 / 28

Configuration steps:

[R1] acl 2000 # create a basic ACL list numbered 2000

[R1-acl-basic-2000] rule 50 permit source 10.1.1.0 0.0.0.255

# create an entry with serial number 50 to allow (permit) all hosts from the (source) 10.1.1.0 network segment to pass

[R1-acl-basic-2000] q # exit ACL view

[R1] int g 0/0/2 # enter interface GE 0/0/2

[R1-GigabitEthernet0/0/2] nat outbound 2000

# enable NAT: every source address matched by basic ACL 2000 is translated to this interface's own address for public network access

Result verification:

# = #

Huawei NAT Server configuration

Test requirements:

1) Port 80 of the internal address 10.1.1.11/24 is statically translated to port 80 of the public network address 200.1.1.11/28, so that it can be accessed from the public network (Client2). In addition, Server1 and Client2 must be able to ping each other.

2) Port 21 of the internal address 10.1.1.12/24 is statically translated to port 21 of the public network address 200.1.1.12/28, so that it can be accessed from the external network (Client2).

Environment deployment:

PC1:

IP:10.1.1.1 / 24

GW:10.1.1.254 / 24

Client1:

IP:10.1.1.2 / 24

GW:10.1.1.254 / 24

Client2:

IP:100.1.1.1 / 24

GW:100.1.1.254 / 24

Server1:

IP:10.1.1.11 / 24

GW:10.1.1.254 / 24

Server2:

IP:10.1.1.12 / 24

GW:10.1.1.254 / 24

R1:

GE 0/0/0:

IP:10.1.1.254 / 24

GE 0/0/1:

IP:100.1.1.254 / 24

GE 0/0/2:

IP:200.1.1.14 / 28

Configuration steps:

[R1] int g 0/0/1 # enter interface GE 0/0/1

[R1-GigabitEthernet0/0/1] nat server protocol tcp global 200.1.1.12 21 inside 10.1.1.12 21

# create a NAT Server mapping: TCP port 21 of the inside address 10.1.1.12 is published as TCP port 21 of the global address 200.1.1.12

[R1-GigabitEthernet0/0/1] nat server protocol tcp global 200.1.1.11 80 inside 10.1.1.11 80

# create a NAT Server mapping: TCP port 80 of the inside address 10.1.1.11 is published as TCP port 80 of the global address 200.1.1.11

[R1-GigabitEthernet0/0/1] nat server protocol icmp global 200.1.1.11 inside 10.1.1.11

# create a NAT Server mapping: ICMP to the global address 200.1.1.11 is translated to the inside address 10.1.1.11

Result verification:
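Added example (not part of the original article): a short Python script that reads the NAT commands from the five labs above and lists which of them give outside hosts a configured way in, which is the one-way versus bidirectional distinction the labs set out to verify. The command list is copied from this page; the function names and the output format are assumptions of this example.

```python
import re

# Constructed input: the NAT commands from the five labs on this page.
LAB_CONFIG = """\
nat outbound 2000 address-group 1 no-pat
nat static global 200.1.1.11 inside 10.1.1.11
nat static global 200.1.1.12 inside 10.1.1.12
nat outbound 2000 address-group 1
nat outbound 2000
nat server protocol tcp global 200.1.1.12 21 inside 10.1.1.12 21
nat server protocol tcp global 200.1.1.11 80 inside 10.1.1.11 80
nat server protocol icmp global 200.1.1.11 inside 10.1.1.11
"""

# Only the command forms (and numeric ports) used on this page are handled.
PATTERNS = [
    ("static NAT", re.compile(r"^nat static global (\S+) inside (\S+)$")),
    ("NAT Server", re.compile(r"^nat server protocol (\w+) global (\S+)"
                              r"(?: (\d+))? inside (\S+)(?: (\d+))?$")),
    ("dynamic NAT (no-pat)", re.compile(r"^nat outbound \d+ address-group \d+ no-pat$")),
    ("NAPT", re.compile(r"^nat outbound \d+ address-group \d+$")),
    ("Easy IP", re.compile(r"^nat outbound \d+$")),
]

def classify(line):
    """Return (kind, inbound) for one NAT command. inbound is None for
    outbound-only rules, else (global_ip, proto, port, inside_ip)."""
    line = " ".join(line.split())
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if not m:
            continue
        if kind == "static NAT":      # whole address mapped, both directions
            return kind, (m.group(1), "any", "any", m.group(2))
        if kind == "NAT Server":      # only the listed protocol/port is published
            proto, g_ip, g_port, in_ip, _ = m.groups()
            return kind, (g_ip, proto, g_port or "-", in_ip)
        return kind, None             # nat outbound: no configured inbound mapping
    raise ValueError(f"not a recognised NAT command: {line!r}")

def inbound_exposure(config):
    """List every configured mapping that outside hosts can initiate to."""
    rows = [classify(l) for l in config.splitlines() if l.strip()]
    return [(kind,) + inbound for kind, inbound in rows if inbound]

if __name__ == "__main__":
    for kind, g_ip, proto, port, in_ip in inbound_exposure(LAB_CONFIG):
        print(f"{kind:<10} {g_ip} {proto}/{port} -> {in_ip}")
```

The three `nat outbound` variants produce no rows. The two static mappings expose every protocol and port on Server1 and Server2, while the `nat server` rules expose only the listed service.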
