Access the Internet through NAT configuration of Huawei Firewall

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/49/A0/wKioL1QW40DARF4WAAFejdzzg7c946.jpg "Title =" 11.jpg" alt = "wkiol1qw40darf4waafejdzzg7c946.jpg"/>

AR1 simulates the Internet and configures an IP address. When configuring a loopback address, AR1 is configured as follows:

Interface gigabitethernet0/0/0
IP address 100.100.100.1 255.255.0
#
Interface loopback1
IP address 200.200.200.1 255.255.255.0

The USG configuration is as follows:

# Configure the Intranet interface and enable DHCP

Interface gigabitethernet0/0/0
IP address 192.168.10.1 255.255.255.0
DHCP Select Interface
DHCP Server Gateway-list 192.168.10.1
DHCP server DNS-list 8.8.8.8

# Add gigabitethernet0/0/0 to the Trust Region

Firewall zone Trust
Add interface gigabitethernet0/0/0

# Configuring Internet interfaces

Interface gigabitethernet0/0/1
IP address 100.100.100.2 255.255.255.0
# Add gigabitethernet0/0/1 to the untrust Region

Firewall zone untrust
Add interface gigabitethernet0/0/1

# Enable the Inter-Domain packet filtering rule,

Policy Interzone trust untrust outbound
Policy 0
Action Permit
Policy source 192.168.10.0 0.0.255
# Configure the default route to ensure that LAN users can access the Internet.

IP route-static 0.0.0.0 0.0.0.0 100.100.100.1

# Configure Nat to allow LAN users to access the Internet

Nat-policy Interzone trust untrust outbound
Policy 1
Action source-Nat
Policy source 192.168.10.0 0.0.255
Easy-IP gigabitethernet0/0/1

Verification Result:

# PC1 Ping 100.100.100.1 and 200.200.200.1

PC> Ping 100.100.100.1
Ping 100.100.100.1: 32 data bytes, press ctrl_c to break
From 100.100.100.1: bytes = 32 seq = 1 TTL = 254 time = 47 MS
From 100.100.100.1: bytes = 32 seq = 2 TTL = 254 time = 31 MS
From 100.100.100.1: bytes = 32 seq = 3 TTL = 254 time = 47 MS
From 100.100.100.1: bytes = 32 seq = 4 TTL = 254 time = 31 MS
From 100.100.100.1: bytes = 32 seq = 5 TTL = 254 time = 31 MS

--- 100.100.100.1 Ping statistics ---
5 packet (s) transmitted
5 packet (s) received
0.00% packet loss
Round-trip min/AVG/max = 31/37/47 MS

PC> Ping 200.200.200.1
Ping 200.200.200.1: 32 data bytes, press ctrl_c to break
From 200.200.200.1: bytes = 32 seq = 1 TTL = 254 time = 62 MS
From 200.200.200.1: bytes = 32 seq = 2 TTL = 254 time = 46 MS
From 200.200.200.1: bytes = 32 seq = 3 TTL = 254 time = 47 MS
From 200.200.200.1: bytes = 32 seq = 4 TTL = 254 time = 47 MS
From 200.200.200.1: bytes = 32 seq = 5 TTL = 254 time = 63 MS

--- 200.200.200.1 Ping statistics ---
5 packet (s) transmitted
5 packet (s) received
0.00% packet loss
Round-trip min/AVG/max = 46/53/63 MS

# Firewall sessions

<SRG> display firewall session table
13:15:06
Current total sessions: 3
Icmp vpn: public --> Public 192.168.10.2: 29142 [100.100.100.2: 2065] --> 200.200.200.1: 2048
Icmp vpn: public --> Public 192.168.10.2: 29398 [100.100.100.2: 2066] --> 200.200.200.1: 2048
Icmp vpn: public --> Public 192.168.10.2: 29654 [100.100.100.2: 2067] --> 200.200.200.1: 2048

This article from the "Dream ◆ it" → wei "blog, please be sure to keep this source http://itxiaowei.blog.51cto.com/5081959/1553021

Access the Internet through NAT configuration of Huawei Firewall