2.15 Configuration Examples.................................................................................................................................68

2.15.1 Example for Configuring the ACL-based Packet Filtering Firewall.....................................................68

2.15.2 Example for Configuring ASPF and Port Mapping..............................................................................71

2.15.3 Example for Configuring the Blacklist..................................................................................................75

2.15.4 Example for Configuring the Transparent Firewall...............................................................................79

3 NAT Configuration.....................................................................................................................83

3.1 NAT Overview.................................................................................................................................................84

3.2 NAT Features Supported by the SPU...............................................................................................................85

3.3 Configuring NAT.............................................................................................................................................88

3.3.1 Establishing the Configuration Task.......................................................................................................88

3.3.2 Configuring an Address Pool..................................................................................................................89

3.3.3 Associating an ACL with an Address Pool.............................................................................................90

3.3.4 Configuring Easy IP................................................................................................................................90

3.3.5 Configuring an Internal NAT Server.......................................................................................................91

3.3.6 Configuring Static NAT..........................................................................................................................91

3.3.7 Enabling NAT ALG................................................................................................................................92

3.3.8 Configuring NAT Filtering......................................................................................................................92

3.3.9 Configuring NAT Mapping.....................................................................................................................93

3.3.10 Configuring DNS Mapping...................................................................................................................94

3.3.11 Configuring Twice NAT.......................................................................................................................94

3.3.12 Checking the Configuration...................................................................................................................95

3.4 Configuration Examples...................................................................................................................................95

3.4.1 Example for Configuring the NAT Server..............................................................................................95

3.4.2 Example for Configuring Static NAT.....................................................................................................99

3.4.3 Example for Configuring Outbound NAT.............................................................................................102

3.4.4 Example for Configuring Twice NAT...................................................................................................106

4 IPSec Configuration..................................................................................................................111

4.1 IPSec Overview..............................................................................................................................................112

4.2 IPSec Features Supported by the SPU............................................................................................................113

4.3 Establishing an IPSec Tunnel Manually.........................................................................................................114

4.3.1 Establishing the Configuration Task.....................................................................................................114

4.3.2 Defining Data Flows to Be Protected....................................................................................................115

4.3.3 Configuring an IPSec Proposal..............................................................................................................115

4.3.4 Configuring an IPSec Policy.................................................................................................................116

4.3.5 Applying an IPSec Policy Group to an interface...................................................................................118

4.3.6 Checking the Configuration...................................................................................................................118

4.4 Establishing an IPSec Tunnel Through IKE Negotiation...............................................................................119

4.4.1 Establishing the Configuration Task.....................................................................................................119

4.4.2 Defining Data Flows to Be Protected....................................................................................................120

4.4.3 Configuring an IKE Proposal................................................................................................................120

Issue 01 (2011-07-15)

Huawei Proprietary and Confidential

Contents

vii

Table of Contents