nat server global inside(NAT instance view)
Function
The nat server global inside command configures an internal server.
The undo nat server global inside command deletes internal server configurations.
By default, no internal server is configured.
This command is supported only on the NetEngine 8000 F1A.
Parameters
| Parameter | Description | Value |
|---|---|---|
| vpn-instance vpn-instance-name |
Specifies the name of a private-network VPN instance to which an internal server belongs. |
The value is a string of 1 to 31 case-sensitive characters, spaces not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string. |
| inside ip-addr |
Specifies the private IP address of an internal server. |
The value is in dotted decimal notation. |
| extendable |
Indicates the extended NAT server identifier, meaning that an internal server with a private IP address and different public IP addresses can be configured. |
- |
| global ip-addr |
Specifies the public IP address of the internal server. |
The value is in dotted decimal notation. |
Usage Guidelines
Configuration Impact
The internal server function enables a NAT device to translate the public IP address to the private IP address based on a static mapping entry that contains a private IP address, a private port number, a public IP address, and a public port number or a static mapping entry that contains a private IP address and a public IP address.
Precautions
In a NAT scenario, it is recommended that the public IP address of a NAT server be different from that in an address pool. Otherwise, user traffic is incorrectly forwarded.
When you configure the internal server function, note the following:- The must be different from an existing IP address assigned to a device or its interface, preventing IP address conflicts.
- After the outbound parameter is configured, the internal server can take effect only if the internal server user triggers an access attempt and the user table is created.
- Do not configure the outbound parameter, which prevents traffic from being discarded if a public network user initiates an access attempt to visit an internal server.
- After the extendable parameter is configured, the mapping between a pair of a private IP address and a private port number and different pairs of public IP addresses and public port numbers can be configured for an internal server in a NAT instance.
- After the extendable parameter is configured, the command and nat server-mode enable commands are mutually exclusive, and the static source tracing algorithm cannot be bound to the NAT instance.
- After the extendable parameter is configured, a public network-side user cannot access different public IP addresses of the same private network server.
Example
<HUAWEI> system-view [~HUAWEI] ip vpn-instance vpn1 [*HUAWEI-vpn-instance-vpn1] ipv4-family [*HUAWEI-vpn-instance-vpn1-af-ipv4] route-distinguisher 200:1 [*HUAWEI-vpn-instance-vpn1-af-ipv4] vpn-target 101:101 export-extcommunity [*HUAWEI-vpn-instance-vpn1-af-ipv4] vpn-target 101:101 import-extcommunity [*HUAWEI-vpn-instance-vpn1-af-ipv4] commit [~HUAWEI-vpn-instance-vpn1-af-ipv4] quit [~HUAWEI-vpn-instance-vpn1] quit [~HUAWEI] nat instance cpe1 id 1 [*HUAWEI-nat-instance-cpe1] nat server global 10.12.12.12 inside 192.168.12.12 vpn-instance vpn1