Login
- Table of Contents
-
- 03-Layer 3—IP Services Configuration Guide
- 00-Preface
- 01-ARP configuration
- 02-IP addressing configuration
- 03-DHCP configuration
- 04-DNS configuration
- 05-IP forwarding basics configuration
- 06-Fast forwarding configuration
- 07-IP performance optimization configuration
- 08-UDP helper configuration
- 09-IPv6 basics configuration
- 10-DHCPv6 configuration
- 11-IPv6 fast forwarding configuration
- 12-HTTP redirect configuration
- 13-NAT configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 13-NAT configuration | 93.72 KB |
NAT overview
Network Address Translation (NAT) translates an IP address in the IP packet header to another IP address. Typically, NAT is configured on gateways to enable private hosts to access external networks and external hosts to access private network resources such as a Web server.
Basic NAT concepts
The following describes basic NAT concepts:
· NAT device—A device configured with NAT. Typically, NAT is configured on the edge device that connects the internal and external networks.
· NAT interface—An interface configured with NAT.
· NAT address—A public IP address used for address translation, and this address is reachable from the external network.
· NAT entry—Stores the mapping between a private IP address and a public IP address.
Basic NAT operating mechanism
Figure 1 shows the basic NAT operating mechanism.
2. Upon receiving a response from the server, NAT translates the destination public address to the private address, and forwards the packet to the host.
The NAT operation is transparent to the terminals (the host and the server). NAT hides the private network from the external users and shows that the IP address of the internal host is 20.1.1.1.
Configuring outbound one-to-one static NAT
About this task
Static NAT creates a fixed mapping between a private address and a public address. It supports connections initiated from internal users to the external network and from external users to the internal network. Static NAT applies to regular communications.
For address translation from a private IP address to a public IP address, configure outbound one-to-one static NAT on the interface connected to the external network.
· When the source IP address of an outgoing packet matches the local-ip, the source IP address is translated into the global-ip.
· When the destination IP address of an incoming packet matches the global-ip, the destination IP address is translated into the local-ip.
Procedure
1. Enter system view.
system-view
2. Configure a one-to-one mapping for outbound static NAT.
nat static outbound local-ip global-ip
3. Enter interface view.
interface interface-type interface-number
4. Enable static NAT on the interface.
nat static enable
By default, static NAT is disabled.
Display and maintenance commands for NAT
Execute display commands in any view and reset commands in user view.
|
Task |
Command |
|
Display NAT sessions. |
display nat session [ { source-ip source-ip | destination-ip destination-ip } * ] [ slot slot-number ] [ verbose ] |
|
Display static NAT mappings. |
display nat static |
|
Clear NAT sessions. |
reset nat session |
NAT configuration examples
Example: Configuring outbound one-to-one static NAT
Network configuration
Configure static NAT to allow the host at 10.110.10.8/24 to access the Internet.
Procedure
# Specify IP addresses for the interfaces on the device. (Details not shown.)
# Configure a one-to-one static NAT mapping between the private address 10.110.10.8 and the public address 202.38.1.100.
<Device> system-view
[Device] nat static outbound 10.110.10.8 202.38.1.100
# Enable static NAT on VLAN-interface 200.
[Device] interface vlan-interface 200
[Device-Vlan-interface200] nat static enable
[Device-Vlan-interface200] quit
Verifying the configuration
# Verify that the host at 10.110.10.8/24 can access the server on the Internet. (Details not shown.)
# Display static NAT configuration.
[Device] display nat static
Static NAT mappings:
Totally 1 outbound static NAT mappings.
IP-to-IP:
Local IP : 10.110.10.8
Global IP : 202.38.1.100
Config status: Active
Interfaces enabled with static NAT:
Totally 1 interfaces enabled with static NAT.
Interface: Vlan-interface200
Service card : ---
Config status: Active
# Display NAT session information.
[Device] display nat session verbose
Initiator:
Source IP/port: 10.110.10.8/42496
Destination IP/port: 202.38.1.111/2048
DS-Lite tunnel peer: -
VPN instance/VLAN ID/VLL ID: -/-/-
Protocol: ICMP(1)
Inbound interface: Vlan-interface100
Responder:
Source IP/port: 202.38.1.111/42496
Destination IP/port: 202.38.1.100/0
DS-Lite tunnel peer: -
VPN instance/VLAN ID/VLL ID: -/-/-
Protocol: ICMP(1)
Inbound interface: Vlan-interface200
State: ICMP_REPLY
Application: INVALID
Start time: 2021-04-13 09:30:49 TTL: 27s
Initiator->Responder: 5 packets 420 bytes
Responder->Initiator: 5 packets 420 bytes
Total sessions found: 1
