Enterprise Router Network address translation (NAT) gateway Allows servers in an on-premises data center to access the Internet or provide services that are accessible from the Internet.
Enable NAT traversal on the customer gateway based on the networking. If the customer gateway is connected to the Internet through a NAT device, enable NAT traversal on the customer gateway.
Use the VPN device in the DMZ zone and the NAT traversal technique to establish a VPN connection with the cloud. The configuration details are as follows.
In a NAT traversal scenario, ensure that the source port number is not changed after NAT traversal. The IKE negotiation settings at both ends must be the same.
In a NAT traversal scenario, ensure that the source port number is not changed after NAT traversal. Verify that IKE negotiation parameter settings are consistent at the two ends of the VPN.
Checking the NAT Configurations on the Firewall: Check whether the local VPN gateway is behind the NAT device (usually the border firewall).
NAT setting: On the on-premises gateway, disable NAT for the on-premises subnets that will access the VPC subnets.
Has a fixed public IP address, which can be statically configured, or translated through NAT in NAT traversal scenarios (your device is deployed behind a NAT gateway). Most devices are routers and firewalls.
NAT policies: Do not perform NAT when on-premises subnets access cloud subnets. Interesting traffic: The interesting traffic configurations at both ends of a VPN connection are reversed. The address object name cannot be used for the interesting traffic configured using IKEv2.
NAT policies: Do not perform source NAT on traffic originating from on-premises subnets and destined for cloud subnets. Interesting traffic: The interesting traffic configurations at the two ends of a VPN connection are reversed.
Ensure that routes, NAT, and security policies are correctly configured on the device in your on-premises data center.
This public IP address can be statically configured, or translated through NAT in NAT traversal scenarios (your device is deployed behind a NAT gateway).
NAT configuration: Do not perform NAT on the on-premises subnet that is used to access the cloud.