CLI-based Configuration Guide - IP Service

AR500, AR510, AR531, AR550, AR1500, and AR2500 V200R010

This document describes the concepts and configuration procedures of IP Service features on the device, and provides the configuration examples.
Twice NAT

Twice NAT translates both the source and the destination IP address of a data packet. It is used when an IP address on the private network is the same as an IP address on the public network.

Figure 5-8  Networking diagram for twice NAT

The process of twice NAT is described as follows:

  1. Host A with the IP address 1.1.1.1 on the private network wants to access host B, which has the same IP address on the public network. Host A sends a DNS request to the DNS server on the public network. The DNS server sends a response packet containing the IP address 1.1.1.1 of host B. When the response packet passes through the router, the router performs DNS ALG and translates host B's IP address 1.1.1.1 in the response packet to the unique temporary IP address 3.3.3.1. Then, the router forwards the response packet to host A.

  2. To access host B, host A sends a request packet whose destination IP address is the temporary IP address 3.3.3.1. When the request packet passes through the router, the router detects that the destination IP address is the temporary IP address, and translates the destination IP address to host B's real IP address 1.1.1.1. Meanwhile, the router translates the source IP address of the request packet to an address in the outbound NAT address pool using outbound NAT. Then, the router forwards the request packet to host B.

  3. Host B sends host A a response packet whose destination IP address is the address in the outbound NAT address pool and whose source IP address is host B's IP address 1.1.1.1. When the response packet passes through the router, the router detects that the source IP address is the same as the real IP address of host A, and translates the source IP address to the temporary IP address 3.3.3.1 using NAT. Meanwhile, the router translates the destination IP address of the response packet to the private IP address 1.1.1.1 of host A. Then, the router forwards the response packet to host A.

Figure 5-9  Networking diagram for twice NAT when multiple VPNs are deployed on a private network

A private network may consist of multiple VPNs, and hosts in different VPNs may have the same IP address. When configuring DNS ALG on a router, you need to add the VPN information, which is used as the condition for mapping the identical IP addresses of the hosts in the VPNs to IP addresses in the temporary address pool. Figure 5-9 shows the networking for twice NAT when multiple VPNs are deployed on a private network. In this case, the twice NAT process remains unchanged. The source IP address of host A in VPN A is translated to the temporary address 3.3.3.1, and the source IP address of host B in VPN B is translated to the temporary address 4.4.4.1.
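The three-step process and the per-VPN mapping described above can be traced with a small model of the router's translation state. This is an added example, not Huawei code or device configuration; the class and method names, the VPN names vpnA and vpnB, and the outbound pool addresses 203.0.113.10 and 203.0.113.11 are assumptions made for illustration.

```python
from ipaddress import IPv4Address as IP

class TwiceNatRouter:
    """Toy model of the router's translation state (not Huawei code)."""

    def __init__(self, overlap_maps, outbound_pool):
        # overlap_maps: {vpn: (overlap_start, temporary_start, length)}
        self.overlap_maps = overlap_maps
        self.free_public = list(outbound_pool)   # outbound NAT address pool
        self.sessions = {}                       # pool address -> (vpn, private source)

    def _shift(self, addr, base, target, length):
        # Map addr from the range starting at base to the range starting at target.
        offset = int(IP(addr)) - int(IP(base))
        return str(IP(target) + offset) if 0 <= offset < length else None

    def dns_alg(self, vpn, answer):
        """Step 1: overlapping address in a DNS answer -> temporary address."""
        start, temp, length = self.overlap_maps[vpn]
        return self._shift(answer, start, temp, length) or answer

    def outbound(self, vpn, src, dst):
        """Step 2: temporary destination -> real address; source -> pool address."""
        start, temp, length = self.overlap_maps[vpn]
        real_dst = self._shift(dst, temp, start, length) or dst
        for public, owner in self.sessions.items():
            if owner == (vpn, src):
                return public, real_dst          # reuse the existing mapping
        public = self.free_public.pop(0)         # IndexError when the pool is exhausted
        self.sessions[public] = (vpn, src)
        return public, real_dst

    def inbound(self, src, dst):
        """Step 3: pool destination -> private host; overlapping source -> temporary."""
        if dst not in self.sessions:
            return None                          # no session for this address: drop
        vpn, private_dst = self.sessions[dst]
        start, temp, length = self.overlap_maps[vpn]
        return vpn, self._shift(src, start, temp, length) or src, private_dst

if __name__ == "__main__":
    # Constructed values: VPN names and the 203.0.113.0/24 pool are assumptions.
    r = TwiceNatRouter({"vpnA": ("1.1.1.1", "3.3.3.1", 1),
                        "vpnB": ("1.1.1.1", "4.4.4.1", 1)},
                       ["203.0.113.10", "203.0.113.11"])
    for vpn in ("vpnA", "vpnB"):
        temp = r.dns_alg(vpn, "1.1.1.1")
        out = r.outbound(vpn, "1.1.1.1", temp)
        print(vpn, temp, out, r.inbound("1.1.1.1", out[0]))
```

The session table is keyed by the pool address, which is what lets the router return the response to the correct VPN even though both private hosts and the public host share 1.1.1.1.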

Updated: 2019-05-20

Document ID: EDOC1100034231
