Hello!
I would like to raise the following questions:
Are you sure the NAT is being done on the Cisco router and not the Huawei firewall?
NAT 1 multi-forward can be written directly as... You should convert for private network 172.168.0.0, right?
access-list 1 permit 172.168.0.0 0.0.255
ip nat inside source list 1 interface gig0/1 overload
It is not necessary to 'write a pool of addresses, so be more efficient.
Additionally, in the DHCP address pool, you need to add a phrase to exclude the gateway IP address: ip dhcp e 172.168.0.1
Also, the Is Huawei's firewall directly bridged, or is it? Check if there is a route.
CVE-2020-3198, CVE-2020-3205, etc.
1. CVE-2020-3198: This command has a remote code execution vulnerability. An attacker can send malicious data packets vihas UDP port 9700, causing the system to crash and reload.
2. CVE-2020-3205: This command has a command injection vulnerability. An attacker can request an authorization token via a carefully crafted API call to execute any IOxAPI command on the affected device.