162
Destination IP/port: 202.38.1.3/1
DS-Lite tunnel peer: -
VPN instance/VLAN ID/VLL ID: -/-/-
Protocol: UDP(17)
Inbound interface: GigabitEthernet2/0/1
Responder:
Source IP/port: 192.168.1.2/69
Destination IP/port: 202.38.1.3/1024
DS-Lite tunnel peer: -
VPN instance/VLAN ID/VLL ID: -/-/-
Protocol: UDP(17)
Inbound interface: GigabitEthernet2/0/1
State: UDP_READY
Application: TFTP
Start time: 2012-08-15 15:53:36 TTL: 46s
Initiator->Responder: 1 packets 56 bytes
Responder->Initiator: 1 packets 72 bytes
Total sessions found: 1
Twice NAT configuration example
Network requirements
As shown in Figure 71, two departments are in different VPN instances with overlapping addresses.
Configure twice NAT so that Host A and Host B in different departments can access each other.
Figure 71 Network diagram
Requirements analysis
This is a typical application of twice NAT. Both the source and destination addresses of packets
between the two VPNs need to be translated. Configure static NAT on both interfaces connected to
the VPNs on the NAT device.
Configuration procedure
# Specify VPN instances and IP addresses for the interfaces on the router. (Details not shown.)
# Configure a static outbound NAT mapping between 192.168.1.2 in vpn 1 and 172.16.1.2 in vpn 2.
<Router> system-view
[Router] nat static outbound 192.168.1.2 vpn-instance vpn1 172.16.1.2 vpn-instance vpn2
# Configure a static outbound NAT mapping between 192.168.1.2 in vpn 2 and 172.16.2.2 in vpn 1.
[Router] nat static outbound 192.168.1.2 vpn-instance vpn2 172.16.2.2 vpn-instance vpn1
# Enable static NAT on interface GigabitEthernet 2/0/2.
[Router] interface gigabitethernet 2/0/2
[Router-GigabitEthernet2/0/2] nat static enable
To Next Page
Loading...
Need help?
General
