FAQ-How to Advertise the Routes to the Global IP Addresses of the NAT Address Pool and NAT Server

Publication Date:  2015-07-01 Views:  173 Downloads:  0
Issue Description
How to Advertise the Routes to the Global IP Addresses of the NAT Address Pool and NAT Server?
Solution
Generally, the firewall is configured with the NAT address pool and NAT Server, the routes to the global IP addresses need to be advertised, so that packets can be correctly forwarded to the firewall. There are two types of global IP addresses for the NAT address pool and NAT server:

1. The global IP addresses reside on the same network segment as the interface IP address: You only need to advertise the route to the IP address of the interface. Multiple modes are available for advertising the route. For example, you can import and advertise the directly connected route on the upstream device.

2. The global IP addresses reside on different network segments from the interface IP address: To advertise the route of the NAT address pool and NAT Server, you cannot add the network segment to OSPF. Because the global IP address segment is Down for OSPF, the OSPF cannot advertise the proper route. To resolve this problem, configure blackhole routes of the IP addresses in the NAT address pool or of the global IP address of NAT Server and then import static routes to OSPF. Alternatively, you can configure interface-targeted static routes on the upstream device.

END