Outbound Dynamic Nat For Internal-To-External Access (Non-Overlapping Addresses) - H3C MSR 2600 Configuration Manual
Layer 3
Hide thumbs
Also See for MSR 2600:
- Installation manual (64 pages) ,
- Probe command reference (28 pages) ,
- Manual (45 pages)
Table of Contents
Advertisement
Outbound dynamic NAT for internal-to-external access
(non-overlapping addresses)
Network requirements
As shown in
202.38.1.2 and 202.38.1.3. Configure outbound dynamic NAT to allow only internal users on segment
192.168.1.0/24 to access the Internet.
Figure 53 Network diagram
Configuration procedure
# Specify IP addresses for the interfaces. (Details not shown.)
# Configure address group 0, and add an address member from 202.38.1.2 to 202.38.1.3.
<Router> system-view
[Router] nat address-group 0
[Router-nat-address-group-0] address 202.38.1.2 202.38.1.3
[Router-nat-address-group-0] quit
# Configure ACL 2000, and create a rule to permit packets only from segment 192.168.1.0/24 to pass
through.
[Router] acl number 2000
[Router-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[Router-acl-basic-2000] quit
# Enable outbound dynamic PAT on interface GigabitEthernet 1/2. The source IP addresses of the
packets permitted by the ACL rule is translated into the addresses in address group 0.
[Router] interface gigabitethernet 1/2
[Router-GigabitEthernet1/2] nat outbound 2000 address-group 0
[Router-GigabitEthernet1/2] quit
Verifying the configuration
After completing the configurations, Host A can access the WWW server, while Host B cannot.
# Display all NAT configuration and statistics.
[Router] display nat all
NAT address group information:
There are 1 NAT address groups.
Group Number
Figure
53, a company has a segment address 192.168.0.0/16 and two public IP addresses
Start Address
End Address
129
- Quick Links:
- Command Conventions
- Configuring Ip Addressing
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
