Saturday, November 2, 2019

NAT on HUAWEI ROUTERS (VRP)






STATIC NAT
A common deployment scenario is when you have services (HTTP, SMTP, FTP) hosted in your network that must be accessible to external (internet) users, and you have enough public IPs.
[Edge_Router]interface gig0/0/1   // Outgoing interface on which you have assigned public IP
[Edge_Router-GigabitEthernet0/0/1]nat static global 80.80.80.11 inside 172.16.10.11
Verification
<Edge_Router> display nat static

DYNAMIC NAT
[Edge_Router]nat address-group 1 80.80.80.31 80.80.80.40
#
[Edge_Router]acl 2001
[Edge_Router-acl-basic-2001]rule 5 permit source 192.168.1.0 0.0.0.255
#
[Edge_Router]interface gig0/0/1
[Edge_Router-GigabitEthernet0/0/1]nat outbound 2001 address-group 1 no-pat
Verification
<Edge_Router> display acl 2001
<Edge_Router> display nat address-group

DYNAMIC NAT with PAT
A common deployment scenario is when you want to give all of your company's users (usually more than four thousand) access to the internet.
[Edge_Router] nat address-group 1 80.80.80.11 80.80.80.20
#
[Edge_Router]acl 2001
[Edge_Router-acl-basic-2001]rule 5 permit source 192.168.1.0 0.0.0.255
#
[Edge_Router]interface gig0/0/1
[Edge_Router-GigabitEthernet0/0/1]nat outbound 2001 address-group 1

Verification
<Edge_Router> display acl 2001
<Edge_Router> display nat address-group

EASY IP
A common deployment scenario is when you want to give all of your company's users access to the internet and only one public IP is available to you, which is also assigned to the interface.
[Edge_Router] acl 2001
[Edge_Router-acl-basic-2001]rule 5 permit source 192.168.1.0 0.0.0.255
#
[Edge_Router] interface gig0/0/1
[Edge_Router-GigabitEthernet0/0/1] nat outbound 2001

Verification
<Edge_Router> display acl 2001
<Edge_Router> display nat outbound

NAT INTERNAL SERVER (also known as port forwarding)
A common deployment scenario is when you have services (HTTP, SMTP, FTP, etc.) hosted in your network that must be accessible to external (internet) users, and you have minimal public IP availability or only a single public IP.
[Edge_Router] interface gig0/0/1
[Edge_Router-GigabitEthernet0/0/1] nat server protocol tcp global 200.10.10.5 www inside 192.168.1.1 www

Verification
<Edge_Router> display nat server
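
CONFIG REVIEW (added example)
The script below is an added example, not part of the original post and not a Huawei tool. It reads a saved config containing the commands shown above, checks each ACL wildcard, and lists which inside hosts are reachable from outside through nat static (whole host) and nat server (one port). The sample config is constructed; acl 2002 and the function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample: commands from this page gathered into one config.
# acl 2002 is hypothetical and carries a three-octet wildcard on purpose.
SAMPLE_CONFIG = """\
acl 2001
 rule 5 permit source 192.168.1.0 0.0.0.255
acl 2002
 rule 5 permit source 192.168.1.0 0.0.255
interface GigabitEthernet0/0/1
 nat static global 80.80.80.11 inside 172.16.10.11
 nat server protocol tcp global 200.10.10.5 www inside 192.168.1.1 www
 nat outbound 2001
"""

RULE = re.compile(r"rule (\d+) permit source (\S+) (\S+)")
STATIC = re.compile(r"nat static global (\S+) inside (\S+)")
SERVER = re.compile(r"nat server protocol (\S+) global (\S+) (\S+) inside (\S+) (\S+)")

def wildcard_to_network(addr, wildcard):
    """Convert an ACL address/wildcard pair to a prefix; ValueError if it cannot."""
    wc = int(ipaddress.IPv4Address(wildcard))  # rejects anything but 4 octets
    if wc & (wc + 1):  # set bits must form one run ending at bit 0
        raise ValueError(f"{wildcard} is not a single contiguous prefix")
    return ipaddress.ip_network(f"{addr}/{32 - wc.bit_length()}", strict=False)

def audit(config):
    """Return (kind, message) findings for ACL rules and inbound NAT mappings."""
    findings, acl = [], None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("acl "):
            acl = line.split()[1]
        elif m := RULE.match(line):
            try:
                net = wildcard_to_network(m[2], m[3])
                findings.append(("acl-ok", f"acl {acl} rule {m[1]}: {net}, {net.num_addresses} sources"))
            except ValueError as exc:
                findings.append(("acl-bad", f"acl {acl} rule {m[1]}: {exc}"))
        elif m := STATIC.match(line):
            # One-to-one mapping: no port is named, so the whole host is mapped.
            findings.append(("exposed-all-ports", f"{m[1]} -> {m[2]}"))
        elif m := SERVER.match(line):
            findings.append(("exposed-one-port", f"{m[2]}:{m[3]}/{m[1]} -> {m[4]}:{m[5]}"))
    return findings

if __name__ == "__main__":
    for kind, message in audit(SAMPLE_CONFIG):
        print(f"{kind:18} {message}")
```

Hosts reported as exposed-all-ports are the ones to review first, since nothing in the NAT rule itself limits which services on them can be reached.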