160
Outbound dynamic NAT configuration example
(non-overlapping addresses)
Network requirements
As shown in Figure 65, a company has a private address 192.168.0.0/16 and two public IP
addresses 202.38.1.2 and 202.38.1.3. Configure outbound dynamic NAT to allow only internal users
on subnet 192.168.1.0/24 to access the Internet.
Figure 65 Network diagram
Configuration procedure
# Specify IP addresses for the interfaces on the router. (Details not shown.)
# Configure address group 0, and add an address range from 202.38.1.2 to 202.38.1.3 to the group.
<Router> system-view
[Router] nat address-group 0
[Router-address-group-0] address 202.38.1.2 202.38.1.3
[Router-address-group-0] quit
# Configure ACL 2000, and create a rule to permit packets only from subnet 192.168.1.0/24 to pass
through.
[Router] acl basic 2000
[Router-acl-ipv4-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[Router-acl-ipv4-basic-2000] quit
# Enable outbound dynamic PAT on interface GigabitEthernet 2/0/2. The source IP addresses of the
packets permitted by the ACL rule is translated into the addresses in address group 0.
[Router] interface gigabitethernet 2/0/2
[Router-GigabitEthernet2/0/2] nat outbound 2000 address-group 0
[Router-GigabitEthernet2/0/2] quit
Verifying the configuration
# Verify that Host A can access the WWW server, while Host B cannot. (Details not shown.)
# Display all NAT configuration and statistics.
[Router] display nat all
NAT address group information:
Totally 1 NAT address groups.
Address group 0:
Port range: 1-65535
Address information:
To Next Page
Loading...
