Figure 70 Network diagram
Requirements analysis
To meet the network requirements, you must perform the following tasks:
• Configure outbound dynamic PAT on the interface connected to the external network, so the internal clients can access the external server for registration.
• Configure the mapping behavior for PAT as Endpoint-Independent Mapping because the registered IP address and port number should be accessible for any source address.
• Enable NAT hairpin on the interface connected to the internal network so that internal clients can access each other through the public address.
Configuration procedure
# Specify IP addresses for the interfaces on the router. (Details not shown.)
# Configure ACL 2000, and create a rule to permit packets only from subnet 192.168.1.0/24 to be
translated.
<Router> system-view
[Router] acl basic 2000
[Router-acl-ipv4-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[Router-acl-ipv4-basic-2000] quit
# Configure outbound dynamic PAT with Easy IP on interface GigabitEthernet 2/0/2. The IP address
of GigabitEthernet 2/0/2 is used as the public address for the source address translation of the
packets from internal to external.
[Router] interface gigabitethernet 2/0/2
[Router-GigabitEthernet2/0/2] nat outbound 2000
[Router-GigabitEthernet2/0/2] quit
# Configure the Endpoint-Independent Mapping mode for PAT. For packets with the same source
address and port number and permitted by ACL 2000, the source address and port number are
translated to the same public address and port number.
[Router] nat mapping-behavior endpoint-independent acl 2000
# Enable NAT hairpin on interface GigabitEthernet 2/0/1.
[Router] interface gigabitethernet 2/0/1
[Router-GigabitEthernet2/0/1] nat hairpin enable
[Router-GigabitEthernet2/0/1] quit
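The behavior this procedure configures, as an added example that is not part of the original guide and not the router's own implementation: a simplified Python model of PAT showing why both Endpoint-Independent Mapping and NAT hairpin are needed for internal clients to reach each other through the public address. The public address 203.0.113.1, the client and server addresses, and the port allocator are constructed for illustration.

```python
import ipaddress
from itertools import count

INSIDE = ipaddress.ip_network("192.168.1.0/24")  # subnet permitted by ACL 2000
PUBLIC_IP = "203.0.113.1"  # constructed stand-in for the GigabitEthernet 2/0/2 address

class PatModel:
    """Simplified PAT model (assumption: not how the router implements it)."""
    def __init__(self, endpoint_independent=True, hairpin=True):
        self.eim, self.hairpin = endpoint_independent, hairpin
        self.fwd = {}             # mapping key -> public port
        self.rev = {}             # public port -> (inside endpoint, pinned remote or None)
        self.ports = count(1024)  # toy port allocator

    def _map(self, src, dst):
        # EIM keys on the inside endpoint only; otherwise the destination is part of the key.
        key = src if self.eim else (src, dst)
        if key not in self.fwd:
            self.fwd[key] = next(self.ports)
            self.rev[self.fwd[key]] = (src, None if self.eim else dst)
        return (PUBLIC_IP, self.fwd[key])

    def from_inside(self, src, dst):
        """Packet arriving on the inside interface -> (new_src, new_dst), or None if dropped."""
        if ipaddress.ip_address(src[0]) not in INSIDE:
            return None                      # source not permitted by the ACL
        if dst[0] != PUBLIC_IP:
            return self._map(src, dst), dst  # ordinary outbound PAT
        if not self.hairpin or dst[1] not in self.rev:
            return None                      # no hairpin, or no such mapping
        peer, pinned = self.rev[dst[1]]
        new_src = self._map(src, dst)
        return (new_src, peer) if pinned in (None, new_src) else None

    def from_outside(self, src, dst):
        """Packet arriving on the outside interface -> (src, inside endpoint), or None."""
        if dst[0] != PUBLIC_IP or dst[1] not in self.rev:
            return None
        inside, pinned = self.rev[dst[1]]
        return (src, inside) if pinned in (None, src) else None

if __name__ == "__main__":
    server = ("198.51.100.10", 5060)                     # constructed external server
    a, b = ("192.168.1.2", 5000), ("192.168.1.3", 5000)  # constructed internal clients
    nat = PatModel()
    a_pub, b_pub = nat.from_inside(a, server)[0], nat.from_inside(b, server)[0]
    print("A registers as", a_pub, "and B as", b_pub)
    print("A -> B's public address is hairpinned to", nat.from_inside(a, b_pub))
```

In this model, Endpoint-Independent Mapping lets `from_outside` deliver packets from any external source to a mapped port, which is the reachability the requirements ask for and also the exposure to keep in mind when deciding which sources ACL 2000 permits.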
Verifying the configuration
# Verify that Host A, Host B, and Host C can access each other after they register their IP addresses
and port numbers to the external server. (Details not shown.)
# Display all NAT configuration and statistics.