Comware

  • 1.  HPE MSR Router : Dynamic NAT on multiple networks

    Posted May 19, 2020 02:48 PM

    Hello everybody,

    I'm new to this forum, and I'm a beginner with HPE products. I bought an MSR 954 router to run my network architecture. I have a LAN (100.74.30.0/24 on Ge0/0 interface). 3 computers on this LAN have to communicate (SNMP, ICMP, FTP, ...) with 2 WAN networks.

    I would like to NAT these 3 computers on the first WAN (108.74.100.0/24 on Ge0/1 interface), and on the second WAN too (100.74.60.0/24).

    I tried to use dynamic NAT, with ACL rules and outbound features. When I try to ping a computer from the LAN to 1 WAN, the ping fails. But when I have a look at the NAT session on the router's console interface, the communication seems to work.

    I tried static NAT to check my routing table on the LAN with one WAN, and it works well. But I can't use this solution with 2 WANs.

    Does anybody have an idea about this problem?

    You can see my configuration file below.

    Thanks a lot!

    Regards,

     

    #
    version 7.1.059, Release 0306P30
    #
    sysname HPE
    #
    password-recovery enable
    #
    vlan 1
    #
    controller Cellular0/0
    #
    controller Cellular0/1
    #
    interface NULL0
    #
    interface GigabitEthernet0/0
    port link-mode route
    ip address 100.74.30.190 255.255.255.0
    #
    interface GigabitEthernet0/1
    port link-mode route
    ip address 108.74.100.190 255.255.255.0
    nat outbound 3000 address-group 1 no-pat
    #
    interface GigabitEthernet0/2
    port link-mode route
    ip address 100.74.60.10 255.255.255.0
    nat outbound 3001 address-group 2 no-pat
    #
    interface GigabitEthernet0/3
    port link-mode route
    #
    interface GigabitEthernet0/5
    port link-mode route
    #
    interface GigabitEthernet0/4
    port link-mode bridge
    #
    scheduler logfile size 16
    #
    line class console
    user-role network-admin
    #
    line class tty
    user-role network-operator
    #
    line class vty
    user-role network-operator
    #
    line con 0
    user-role network-admin
    #
    line vty 0 63
    user-role network-operator
    #
    snmp-agent
    snmp-agent local-engineid 800063A280943FC2EF57EC00000001
    snmp-agent community read public
    snmp-agent sys-info version all
    snmp-agent group v1 groupa read-view public
    snmp-agent group v2c groupa read-view public
    #
    ssh server enable
    sftp server enable
    #
    acl advanced 3000
    rule 1 permit source 100.74.30.0 0.0.0.255 destination 108.74.100.0 0.0.0.255
    #
    acl advanced 3001
    rule 1 permit source 100.74.30.0 0.0.0.255 destination 100.74.60.0 0.0.0.255
    #
    domain system
    #
    domain default enable system
    #
    role name level-0
    description Predefined level-0 role
    #
    role name level-1
    description Predefined level-1 role
    #
    role name level-2
    description Predefined level-2 role
    #
    role name level-3
    description Predefined level-3 role
    #
    role name level-4
    description Predefined level-4 role
    #
    role name level-5
    description Predefined level-5 role
    #
    role name level-6
    description Predefined level-6 role
    #
    role name level-7
    description Predefined level-7 role
    #
    role name level-8
    description Predefined level-8 role
    #
    role name level-9
    description Predefined level-9 role
    #
    role name level-10
    description Predefined level-10 role
    #
    role name level-11
    description Predefined level-11 role
    #
    role name level-12
    description Predefined level-12 role
    #
    role name level-13
    description Predefined level-13 role
    #
    role name level-14
    description Predefined level-14 role
    #
    user-group system
    #
    local-user admin class manage
    service-type http
    authorization-attribute user-role network-operator
    authorization-attribute ip 100.74.30.50
    #
    cwmp
    cwmp enable
    #
    nat log enable
    #
    nat address-group 1
    address 108.74.100.10 108.74.100.12
    #
    nat address-group 2
    address 100.74.60.11 100.74.60.13
    #
    return



  • 2.  RE: HPE MSR Router : Dynamic NAT on multiple networks

    Posted May 21, 2020 04:50 AM

    Hi Titiamor,

    Thank you for writing. Can you please check if the NAT group has been configured with correct IPs and if it does not duplicate any of the WAN IPs' next hop.

    Please share the output for display ip routing and display NAT session.

     

    Thanks,

     



  • 3.  RE: HPE MSR Router : Dynamic NAT on multiple networks

    Posted May 22, 2020 04:38 AM

    Hi,

    Thanks a lot for answering.

    I found my mistake. I forgot to add the keyword "ip" on my permit rule in the ACL. Now, it works well.

    Thanks.

    Regards,
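
Added example (not part of the original thread and not HPE code): a small Python check for the mistake described in post 3, flagging rules in ACLs referenced by `nat outbound` where `permit`/`deny` is followed directly by `source` or `destination` with no protocol keyword. The sample configuration is constructed from the NAT-related lines of post 1, with ACL 3001 already corrected for contrast; the function names are hypothetical, and the check is a heuristic that assumes an advanced ACL rule names a protocol such as `ip` right after the action.

```python
import re

# Constructed sample: NAT-related lines from post 1. ACL 3000 is as posted,
# ACL 3001 has the "ip" keyword from post 3 applied for comparison.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 nat outbound 3000 address-group 1 no-pat
#
interface GigabitEthernet0/2
 nat outbound 3001 address-group 2 no-pat
#
acl advanced 3000
 rule 1 permit source 100.74.30.0 0.0.0.255 destination 108.74.100.0 0.0.0.255
#
acl advanced 3001
 rule 1 permit ip source 100.74.30.0 0.0.0.255 destination 100.74.60.0 0.0.0.255
#
"""

MATCH_KEYWORDS = {"source", "destination"}  # criteria expected after a protocol
RULE_RE = re.compile(r"rule\s+(\d+)\s+(permit|deny)\b\s*(.*)")

def parse(config):
    """Return ([(interface, acl)], {acl: [(rule_id, action, rest)]})."""
    nat, acls, section = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":          # "#" closes a config section
            section = None
            continue
        head = re.match(r"(interface|acl advanced)\s+(\S+)", line)
        if head:
            section = head.groups()
        elif section and section[0] == "interface":
            m = re.match(r"nat outbound\s+(\d+)", line)
            if m:
                nat.append((section[1], m.group(1)))
        elif section and (m := RULE_RE.match(line)):
            acls.setdefault(section[1], []).append(m.groups())
    return nat, acls

def missing_protocol_rules(config):
    """List NAT-bound ACL rules lacking a protocol, with a suggested fix."""
    nat, acls = parse(config)
    findings = []
    for iface, acl in nat:
        for rule_id, action, rest in acls.get(acl, []):
            tokens = rest.split()
            if not tokens or tokens[0] in MATCH_KEYWORDS:
                fixed = f"rule {rule_id} {action} ip {rest}".rstrip()
                findings.append((iface, acl, rule_id, fixed))
    return findings
```

The suggested line inserts `ip`, which matches every IP protocol; name a narrower protocol instead if the NAT should apply to less traffic.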



  • 4.  RE: HPE MSR Router : Dynamic NAT on multiple networks

    Posted May 25, 2020 06:00 AM

    Hi,

    Thank you for confirming back. Please do keep us posted for any further assistance.

    Thanks