R0106-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V7)
Figure 58 Network diagram
Requirements analysis
To meet the network requirements, perform the following tasks:
• To make sure the external host can access the internal DNS server, configure the NAT Server feature to map the internal IP address and port of the DNS server to an external address and port.
• Enable NAT ALG for DNS and configure outbound dynamic NAT, so that the internal IP address of the Web server carried in the payload of the DNS response packet is translated to an external IP address.
Configuration procedure
# Specify IP addresses for the interfaces. (Details not shown.)
# Enable NAT ALG for DNS.
<Router> system-view
[Router] nat alg dns
# Configure ACL 2000, and create a rule to permit packets only from 10.110.10.2 to pass through.
[Router] acl number 2000
[Router-acl-basic-2000] rule permit source 10.110.10.2 0
[Router-acl-basic-2000] quit
# Create address group 1.
[Router] nat address-group 1
# Add address 202.38.1.3 to the group.
[Router-nat-address-group-1] address 202.38.1.3 202.38.1.3
[Router-nat-address-group-1] quit
# Configure NAT Server on interface GigabitEthernet 2/1/2 to map the address 202.38.1.1 to
10.110.10.3. External users can access the internal DNS server.
[Router] interface gigabitethernet 2/1/2
[Router-GigabitEthernet2/1/2] nat server protocol udp global 202.38.1.2 inside 10.110.10.3 domain
# Enable outbound NO-PAT on interface GigabitEthernet 2/1/2. Use the address in address group 1 to
translate the internal address in DNS response payload, and allow reversible NAT.
[Router-GigabitEthernet2/1/2] nat outbound 2000 address-group 1 no-pat reversible
[Router-GigabitEthernet2/1/2] quit