CLI-based Configuration Guide - IP Service

AR500, AR510, AR531, AR550, AR1500, and AR2500 V200R010

This document describes the concepts and configuration procedures of IP Service features on the device, and provides the configuration examples.
NAT Associated with VPNs

NAT allows hosts on private networks to access public networks, hosts in different virtual private networks (VPNs) on a private network to access a public network through the same outbound interface, and hosts with the same IP address in different VPNs to access a public network simultaneously. NAT also supports NAT server associated with VPNs. This allows a host on a public network to access hosts in different VPNs on a private network, including hosts that use the same IP address in different VPNs.

Source NAT Associated with VPNs

Source NAT associated with VPNs allows hosts in different VPNs on a private network to access a public network using NAT. Figure 5-6 shows the networking for NAT associated with VPNs.

Figure 5-6  Networking diagram for source NAT associated with VPNs

Source NAT associated with VPNs is implemented as follows:

  1. The IP addresses of host A in VPN 1 and host B in VPN 2 are 10.1.1.1. Host A and host B want to access the same server on the public network.

  2. When a router functions as a NAT device, the router translates the source IP address of the packet sent from host A to 1.1.1.1 and the source IP address of the packet sent from host B to 1.1.2.1. In addition, the router records the VPN information about the hosts in the NAT translation table.

  3. When the response packets sent from the server on the public network to host A and host B pass through the router:
    • The NAT module translates the destination IP address 1.1.1.1 of the packet sent to host A to 10.1.1.1 based on the NAT translation table, and then sends the packet to host A in VPN 1.
    • The NAT module translates the destination IP address 1.1.2.1 of the packet sent to host B to 10.1.1.1 based on the NAT translation table, and then sends the packet to host B in VPN 2.

NAT Server Associated with VPNs

NAT server associated with VPNs allows hosts on a public network to access servers in different VPNs on a private network using NAT.

Figure 5-7  Networking diagram for NAT server associated with VPNs

As shown in Figure 5-7, the IP addresses of server A in VPN 1 and server B in VPN 2 are 10.1.1.1. The public address of server A is 1.1.10.1 and that of server B is 1.1.20.1. Hosts on the public network can access server A using 1.1.10.1 and access server B using 1.1.20.1.

The NAT server associated with VPNs is implemented as follows:

  1. A host on the public network sends a packet with the destination IP address 1.1.10.1 to server A in VPN 1 and a packet with the destination IP address 1.1.20.1 to server B in VPN 2.

  2. The router functions as the NAT server. Based on the packets' destination IP addresses and VPN information:
    • The router translates the destination address 1.1.10.1 to 10.1.1.1 and sends the packet to server A in VPN 1.
    • The router translates the destination address 1.1.20.1 to 10.1.1.1 and sends the packet to server B in VPN 2.
    In addition, the router records the VPN information in the NAT translation table.
  3. When the response packets sent from server A and server B to the host on the public network pass through the router:
    • The NAT module translates the source IP address 10.1.1.1 of the packet sent from server A to 1.1.10.1 based on the NAT translation table, and sends the packet to the host on the public network.
    • The NAT module translates the source IP address 10.1.1.1 of the packet sent from server B to 1.1.20.1 based on the NAT translation table, and sends the packet to the host on the public network.
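
The following Python sketch is an added example, not Huawei code or device configuration. It models the VPN-aware translation table described in both procedures above, using the addresses from Figures 5-6 and 5-7, and shows why the VPN must be part of the table key when private addresses overlap. The labels `vpn1`/`vpn2` and all class and function names are assumptions made for this illustration.

```python
# Added illustration only: a toy model of a VPN-aware NAT translation table.
from dataclasses import dataclass, field

@dataclass
class VpnNatTable:
    out: dict = field(default_factory=dict)   # (vpn, private_ip) -> public_ip
    back: dict = field(default_factory=dict)  # public_ip -> (vpn, private_ip)

    def bind(self, vpn, private_ip, public_ip):
        """Record a mapping. The VPN is part of the key, so 10.1.1.1 may repeat."""
        owner = self.back.get(public_ip)
        if owner is not None and owner != (vpn, private_ip):
            raise ValueError(f"{public_ip} is already bound to {owner}")
        self.out[(vpn, private_ip)] = public_ip
        self.back[public_ip] = (vpn, private_ip)

    def outbound(self, vpn, src_ip):
        """Private to public: new source address for a packet leaving a VPN."""
        return self.out[(vpn, src_ip)]

    def inbound(self, dst_ip):
        """Public to private: (vpn, private_ip) to deliver to, or None."""
        return self.back.get(dst_ip)  # None: no entry, so no VPN is guessed

# Addresses from the page; "vpn1"/"vpn2" are labels chosen for this example.
SOURCE_NAT = [("vpn1", "10.1.1.1", "1.1.1.1"), ("vpn2", "10.1.1.1", "1.1.2.1")]
NAT_SERVER = [("vpn1", "10.1.1.1", "1.1.10.1"), ("vpn2", "10.1.1.1", "1.1.20.1")]

def build(bindings):
    table = VpnNatTable()
    for vpn, private_ip, public_ip in bindings:
        table.bind(vpn, private_ip, public_ip)
    return table

def naive_table(bindings):
    """Counter-example: keyed by private IP only, the second VPN overwrites the first."""
    return {private_ip: public_ip for _, private_ip, public_ip in bindings}

if __name__ == "__main__":
    src, srv = build(SOURCE_NAT), build(NAT_SERVER)
    print(src.outbound("vpn1", "10.1.1.1"), src.outbound("vpn2", "10.1.1.1"))
    print(src.inbound("1.1.2.1"), srv.inbound("1.1.20.1"))
    print(naive_table(SOURCE_NAT))
```

In the naive table only one entry survives for 10.1.1.1, so return traffic for one VPN's host could not be told apart from the other's; recording the VPN alongside the address is what keeps the two VPNs isolated.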
Updated: 2019-05-20

Document ID: EDOC1100034231
