H3C POLICY NAT 华三策略地址转换

预配置如下:

[r1]

#
sysname r1
#
interface Serial1/0
ip address 20.0.0.1 255.255.255.0
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 10.0.0.254 255.255.255.0
#
ip route-static 0.0.0.0 0 20.0.0.100
#
return

[r2pc]

#
sysname r2pc
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 10.0.0.1 255.255.255.0
#
ip route-static 0.0.0.0 0 10.0.0.254
#
return

[r7isp]

#
sysname r7isp
#
interface Serial1/0
ip address 20.0.0.100 255.255.255.0
#
interface Serial2/0
ip address 20.1.1.100 255.255.255.0
#
interface Serial3/0
ip address 20.2.2.100 255.255.255.0
#
return

[r4]

#
sysname r4
#
interface Serial2/0
ip address 20.1.1.1 255.255.255.0
#
ip route-static 0.0.0.0 0 20.1.1.100
#
return

[r8]

#
sysname r8
#
interface Serial3/0
ip address 20.2.2.1 255.255.255.0
#
ip route-static 0.0.0.0 0 20.2.2.100
#
return

需求场景同一主机，访问不同目的时，源地址转换为不同的地址

企业总部内网 r2pc (10.0.0.1)访问企业分支A 的r4公网接口(20.1.1.1)时，源地址转换为20.0.0.4, 访问企业分支B的r8公网接口(20.2.2.1)时，源地址转换为20.0.0.8。

配置如下：

[r1]

#
interface Serial1/0
ip address 20.0.0.1 255.255.255.0
nat outbound name r2pc-r4 address-group 4
nat outbound name r2pc-r8 address-group 8
#
acl advanced name r2pc-r4
rule 0 permit ip source 10.0.0.1 0 destination 20.1.1.1 0
#
acl advanced name r2pc-r8
rule 0 permit ip source 10.0.0.1 0 destination 20.2.2.1 0
#
nat address-group 4
address 20.0.0.4 20.0.0.4
#
nat address-group 8
address 20.0.0.8 20.0.0.8
#
return

验证：在r2pc 上分别ping r4的 20.1.1.1 和 r8的 20.2.2.1

r1上通过 display nat session verbose 命令查看NAT转换会话表项

r2pc 上ping r4的 20.1.1.1 ，在r4通过debugging ip icmp 和 terminal debugging验证源转换

r2pc 上pingr8的 20.2.2.1 ，在r8通过debugging ip icmp 和 terminal debugging验证源转换