136Interface(out): GigabitEthernet1/1Initiator->Responder: 7 packets 308 bytesResponder->Initiator: 5 packets 312 bytesTotal sessions found: 1NAT Server for external-to-internal access through domainnameNetwork requirementsAs shown in Figure 56, Web server at 0.110.10.2/24 in the internal network provides services forexternal users. A DNS server at 10.110.10.3/24 is used to resolve the domain name of the Web server.The company has two public IP addresses: 202.38.1.2 and 202.38.1.3.Configure NAT Server to allow external users to access the internal Web server by using the domainname.Figure 56 Network diagramConfiguration considerations• To make sure the external host can access the internal DNS server, configure the NAT Server featureto map the internal IP address and port of the DNS server to an external address and port.• Enable DNS with ALG and configure outbound dynamic NAT to translate the internal IP address ofthe Web server in the payload of the DNS response packet to an external IP address.Configuration procedure# Specify IP addresses for the interfaces. (Details not shown.)# Enable NAT with ALG and with DNS. system-view[Router] nat alg dns# Configure ACL 2000, and create a rule to permit packets only from 10.110.10.2 to pass through.[Router] acl number 2000[Router-acl-basic-2000] rule permit source 10.110.10.2 0[Router-acl-basic-2000] quit# Create address group 1.[Router] nat address-group 1
