Configuring the Network Address Translation (NAT)

Last updated: 2020-03-27 17:28:22

You can configure IP translation and IP port translation for a Direct Connect gateway of the NAT gateway type, as described below:

Configuring IP translation

Configuring IP port translation

Local IP Translation

Rule restriction

  • The original IP must be within the CIDR range of the VPC.
  • The mapping IP cannot be within the CIDR range of the VPC to which the Direct Connect gateway belongs.
  • The original IP must be unique and cannot be repeated. That means an IP in a VPC can only be mapped to one IP.
  • The mapping IP must be unique and cannot be repeated. That means multiple IPs in a VPC cannot be mapped to the same IP.
  • The original or destination IP cannot be the broadcast address (255.255.255.255), a Class D address (224.0.0.0-239.255.255.255), or a Class E address (240.0.0.0-255.255.255.254).
  • Local IP translation of a Direct Connect gateway supports a maximum of 100 IP mappings and a maximum of 20 ACL rules for each IP mapping. If you need to increase the quota, please submit a ticket.

Directions

  1. Log in to the Virtual Private Cloud Console.
  2. In the left sidebar, click "Direct Connect Gateway" to go to the management page.
  3. Click the ID of the Direct Connect gateway whose gateway type is NAT to enter the details page.
  4. On the Direct Connect gateway details page, select the "Local IP Translation" tab to configure local IP translation.
  5. In the upper left corner of the IP mapping page, click "Add" to add a local IP mapping.
  6. In the pop-up window, enter the original IP, mapping IP and comments, and click "OK".
  7. (Optional) When a local IP mapping is added, an ACL rule that allows all inbound and outbound traffic is added by default; that is, local IP translation takes effect on all dedicated tunnels. You can edit the ACL rules of the local IP translation to change its scope of application.

When the Direct Connect gateway is also configured with Peer IP Translation, the destination IP of the ACL rule for local IP translation should be the mapping IP of the peer IP translation, instead of the original IP.

  • Local IP translation ACL rules support configuring the protocol (TCP or UDP), source port, destination IP, and destination port. If a port or IP is left empty, it represents ALL. When the protocol is set to ALL, both port and IP are set to ALL by default.
  1. On the IP mapping page, click Edit ACL Rule to the right of the row where the IP mapping is located to enter the ACL rule editing state.

  2. Click Add a Row at the bottom of the existing ACL rules, and then click Save after the ACL rule is added.

  3. (Optional) While editing ACL rules, you can modify or delete existing ACL rules. When the operation is completed, click Save.

  4. (Optional) You can also click the show-more icon directly on the IP mapping page to show more mapping rules, and then click Modify or Delete to the right of the row where the rule resides. After the operation is completed, confirm the operation.

  5. (Optional) If you need to modify a local IP mapping, on the IP mapping page, click Modify IP Mapping to the right of the row where the IP mapping is located to modify the original IP, mapping IP and remarks of the local IP mapping. After you click OK, the IP mapping takes effect.

  6. (Optional) If you need to delete a local IP mapping, on the IP mapping page, click "Delete" to the right of the row where the IP mapping is located, and confirm the action. After the IP mapping is deleted, the ACL rules under the IP mapping are also deleted.

Peer IP Translation

Rule restriction

  • The mapping IP cannot be within the CIDR range of the VPC to which the Direct Connect gateway belongs.
  • The original IP must be unique and cannot be repeated. That means a peer IP of the Direct Connect can only be mapped to one IP.
  • The mapping IP must be unique and cannot be repeated. That means multiple peer IPs of the Direct Connect cannot be mapped to the same IP.
  • The original or destination IP cannot be the broadcast address (255.255.255.255), a Class D address (224.0.0.0-239.255.255.255), or a Class E address (240.0.0.0-255.255.255.254).
  • Peer IP translation of a Direct Connect gateway supports a maximum of 100 IP mappings. If you need to increase the quota, please submit a ticket.

Directions

  1. Log in to the Virtual Private Cloud Console.

  2. In the left sidebar, click "Direct Connect Gateway" to go to the management page.

  3. Click the ID of the Direct Connect gateway whose gateway type is NAT to enter the details page.

  4. On the Direct Connect gateway details page, select the "Peer IP Translation" tab to configure peer IP translation.

  5. In the upper left corner of the IP mapping page, click "Add" to add a peer IP mapping.

  6. In the pop-up window, enter the original IP, mapping IP and comments, and click "OK".

  7. (Optional) If you need to modify a peer IP mapping, on the IP mapping page, click "Modify IP Mapping" to the right of the row where the IP mapping is located to modify the original IP, mapping IP and remarks of the peer IP mapping. After you click "OK", the peer IP mapping takes effect.

  8. (Optional) If you need to delete a peer IP mapping, on the IP mapping page, click "Delete" to the right of the row where the IP mapping is located, and confirm the action.

Configuring IP port translation

Local Source IP Port Translation

When local IP translation conflicts with local source IP port translation, local IP translation takes precedence.

Rule restriction

  • The mapping IP cannot be within the CIDR range of the VPC to which the Direct Connect gateway belongs.
  • ACL rules for multiple IP address pools should not overlap. Otherwise, network address translation conflicts will occur.
  • IP addresses of multiple IP address pools should not overlap.
  • An IP address pool supports only a single IP or a continuous IP range, and all IPs of a continuous range must be in the same /24 network segment; that is, "192.168.0.1-192.168.0.6" is supported but "192.168.0.1-192.168.1.2" is not.
  • The original or mapping IP cannot be the broadcast address (255.255.255.255), a Class D address (224.0.0.0 ~ 239.255.255.255), or a Class E address (240.0.0.0 ~ 255.255.255.254).
  • Local source IP port translation supports a maximum of 100 mapping IP pools, and each mapping IP pool supports a maximum of 20 ACL rules. If you need to increase the quota, please submit a ticket.
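
The restrictions listed for Local IP translation and for mapping IP pools can be checked before entries are typed into the console. The following is an added example, not part of the original documentation or of any Tencent Cloud tooling; the function names and sample addresses are assumptions, and it covers only the address, uniqueness, quota and /24 rules (not ACL overlap or overlap between pools).

```python
import ipaddress

# Class D (224.0.0.0/4); Class E plus the broadcast address (240.0.0.0/4).
RESERVED = [ipaddress.ip_network("224.0.0.0/4"), ipaddress.ip_network("240.0.0.0/4")]
MAX_MAPPINGS = 100  # default quota stated on the page

def is_reserved(ip):
    return any(ip in net for net in RESERVED)

def check_local_ip_mappings(vpc_cidr, mappings):
    """Return rule violations for a list of (original IP, mapping IP) pairs."""
    vpc = ipaddress.ip_network(vpc_cidr)
    errors, seen_orig, seen_map = [], set(), set()
    if len(mappings) > MAX_MAPPINGS:
        errors.append(f"more than {MAX_MAPPINGS} mappings")
    for orig_s, map_s in mappings:
        orig, mapped = ipaddress.ip_address(orig_s), ipaddress.ip_address(map_s)
        if orig not in vpc:
            errors.append(f"{orig}: original IP outside VPC CIDR")
        if mapped in vpc:
            errors.append(f"{mapped}: mapping IP inside VPC CIDR")
        if is_reserved(orig) or is_reserved(mapped):
            errors.append(f"{orig}->{mapped}: broadcast/Class D/Class E address")
        if orig in seen_orig:
            errors.append(f"{orig}: original IP already mapped")
        if mapped in seen_map:
            errors.append(f"{mapped}: mapping IP already in use")
        seen_orig.add(orig)
        seen_map.add(mapped)
    return errors

def check_pool(vpc_cidr, pool):
    """Return rule violations for a mapping IP pool written as 'A' or 'A-B'."""
    vpc = ipaddress.ip_network(vpc_cidr)
    first_s, _, last_s = pool.partition("-")
    first = ipaddress.ip_address(first_s.strip())
    last = ipaddress.ip_address(last_s.strip()) if last_s else first
    errors = []
    if last < first:
        errors.append("range end precedes range start")
    if int(first) >> 8 != int(last) >> 8:  # the first three octets must match
        errors.append("range crosses a /24 boundary")
    if first <= vpc.broadcast_address and last >= vpc.network_address:
        errors.append("pool overlaps VPC CIDR")
    if is_reserved(first) or is_reserved(last):
        errors.append("broadcast/Class D/Class E address")
    return errors

if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    print(check_local_ip_mappings("10.0.0.0/16", [("10.0.1.5", "172.16.0.5"), ("10.0.1.6", "172.16.0.5")]))
    print(check_pool("10.0.0.0/16", "192.168.0.1-192.168.1.2"))
```
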

Directions

  1. Log in to the Virtual Private Cloud Console.

  2. In the left sidebar, click "Direct Connect Gateway" to go to the management page.

  3. Click the ID of the Direct Connect gateway whose gateway type is NAT to enter the details page.

  4. On the Direct Connect gateway details page, select the "Local Source IP Port Translation" tab to configure local source IP port translation.

  5. In the upper left corner of the mapping IP pool page, click Add to add a new mapping IP pool.

  6. In the pop-up window, enter the mapping IP pool (a single IP or an IP segment is supported, and the IP segment format is "A-B") and comments, and click "OK".

  7. By default, the ACL rule of a new mapping IP pool denies all inbound and outbound traffic. You need to edit the ACL rules for the network translation to take effect.

When the Direct Connect gateway is also configured with Peer IP Translation, the destination IP of the ACL rule for local source IP port translation should be the mapping IP of the peer IP translation, instead of the original IP.
ACL rules support configuring the protocol (TCP or UDP), source IP, source port, destination IP, and destination port.

  1. On the mapping IP pool page, click Edit ACL Rule to the right of the row where the mapping IP pool is located to enter the ACL rule editing state.

  2. Click Add a Row at the bottom of the existing ACL rules, and then click Save after the ACL rule is added.

  3. (Optional) While editing ACL rules, you can modify or delete existing ACL rules. When the operation is completed, click Save.

  4. (Optional) On the mapping IP pool page, you can also show more mapping IP pool rules, and then click Modify or Delete to the right of the row where the rule resides. After the operation is completed, confirm the action.

  5. (Optional) If you need to modify a mapping IP pool, on the mapping IP pool page, click "Modify Mapping IP Pool" to the right of the row where the mapping IP pool is located to modify the IP and comments of the mapping IP pool.

  6. (Optional) If you need to delete a mapping IP pool, on the mapping IP pool page, click "Delete" to the right of the row where the mapping IP pool is located and confirm the action. When the mapping IP pool is deleted, the ACL rules associated with it are automatically deleted.

Local Destination IP Port Translation

Rule restriction

  • The original IP must be within the CIDR range of the VPC to which the Direct Connect gateway belongs.
  • The original IP port should be unique. In other words, the same IP port within the VPC can only be mapped to one IP port.
  • The mapped IP port cannot fall within the CIDR range of the VPC.
  • The mapped IP port should be unique. In other words, multiple IP ports in a VPC cannot be mapped to the same IP port.
  • The original IP or mapped IP cannot be the broadcast address (255.255.255.255), a Class D address (224.0.0.0-239.255.255.255), or a Class E address (240.0.0.0-255.255.255.254).
  • Local destination IP port translation supports a maximum of 100 IP port mappings. If you need to increase the quota, please submit a ticket.

Directions

  1. Log in to the Virtual Private Cloud Console.

  2. In the left sidebar, click "Direct Connect Gateway" to go to the management page.

  3. Click the ID of the Direct Connect gateway whose gateway type is NAT to enter the details page.

  4. On the Direct Connect gateway details page, select the "Local Destination IP Port Translation" tab to configure local destination IP port translation.

  5. In the upper left corner of the IP port mapping page, click "Add" to add a local destination IP port mapping.

  6. In the pop-up window, select the protocol, enter the original IP port, mapped IP port and remarks, and click "OK".

  7. (Optional) If you need to modify a local destination IP port mapping, on the IP port mapping page, click Modify IP Port Mapping to the right of the row where the IP port mapping is located to modify the mapping relationship and remarks of the IP port mapping.

  8. (Optional) If you need to delete a local destination IP port mapping, on the IP port mapping page, click "Delete" to the right of the row where the IP port mapping is located and confirm the action to delete the mapping.