Huawei Pat address translation, and intranet Web server publishing

Experiment name: Huawei Pat address translation, and intranet Web server publishing

Experimental topology diagram:

3. Purpose of the experiment:

1. Transform the intranet through Pat to Sisu network

2. Using static NAT for Port mapping, publishing a Web server

3. Configure the Switch Telnet

4. Address Planning

Client 1--web:192.168.1.2/24

Gateway 192.168.1.254

Client 2:192.168.1.1/24

Gateway 192.168..1.254

LSW1 Management ip:192.168.1.3/24

ar3-Gateway: 192.168.1.254

External network: G0/0/0:100.1.1.1/24

ar4:g0/0/0:100.1.1.2 g0/0/1:100.1.2.254

Client CLIENT4:100.1.2.1/24 for external network

5. Configuration ideas: As far as I know, in the general configuration of the reality, first configure the boundary device, finally configure each terminal, so today my ideas have changed

# First configure the IP address of the AR3 gateway device, and AR4 IP address, as well as the management IP address of the switch, the last IP address of each terminal, then do pat conversion, so that the intranet can sisu network, finally publish intranet Web server, make the outside network can access, Then finally configure the switch Telnet function

6. Operation Procedure:

First configure the IP address of the gateway device AR3

Intface 0/0/1

IP address 192.168.1.254 255.255.255.0

Undo Shutdown

Interace 0/0/0

IP address 100.1.1.1 255.255.255.0

Undo Shutdown

# Configure IP address of AR4

Interface g0/0/0

IP address 100.1.1.2 255.255.255.0

Undo Shutdown

Interface G0/0/1

IP address 100.1.2.254 255.255.255.0

Undo Shutdown

# Configure the IP address of the extranet client

IP address 100.1.2.1 255.255.255.0

Undo Shutdown

# Configure the Management IP address of the switch LSW1

Interface Van 1

IP address 192.168.1.3 255.255.255.0//Huawei Default interface cannot configure IP addresses and can only be configured to virtual ports

#配置web服务器的ip地址, and Client2 's IP address

IP address 192.168.1.1 255.255.255.0

Configuration on the gateway 192.168.1.254//Client2

IP address 192.168.1.2 255.255.255.0

IP address of the gateway 192.168.1.254//web Server

# All IP addresses are complete

# Next Configure Pat address translation on the gateway device AR3 so that the intranet can sisu the network

# ACL 2000

Rule 5 Permit Source 192.168.1.0 0.0.0.255//create ACL, address pool allowed for conversion

Interface g0/0/0

Nat Outbund 2000

#再到网关设备上配置去往 default route for 100.1.2.0 network segments

IP route 0.0.0.0 0.0.0.0 100.1.1.2//NAT conversion, go out of the first Anza by the side, and then look at the NAT table, back when the exact opposite

# Use the command display NAT session all test as shown in

#以示说明nat已经将内网地址转化

# Next Configure static NAT, publish intranet Web server

Interface G 0/0/0

NAT server Protocol TCP global current-interface 8080 inside 192.168.1.2 80

Validation and testing, input from the extranet client:

http://100.1.1.1:8080 test: as shown

# Next Configure the switch Telnet feature

# user-interface Vty 0 4

Set Authentication password Simple/cipher 123//simple: Clear text, cipher: Dark text

Protocol Inbound Telnet//Turn on switch telnet function, default is off, the router is open by default

User Privilege level 15//maximum of 15

#在网关设备上远程登录LSW1, as shown in

Telnet 192.168.1.3

#以示说明已经成功

Summary: In fact, the most used in reality is, Pat's dynamic address translation, and static NAT intranet server publishing (that is, port mapping), the other should not be used more

Note: I have a question is, Huawei's switch, I do port mapping on the gateway device, but, from the external network can not remotely manage the intranet switch, but Cisco may, if someone knows the answer, please leave a message below thank you:

_______________________________________________________________________________________________________________ ________________________________________ End

Huawei Pat address translation, and intranet Web server publishing