Configuring NAT for Overlapped Private IP Addresses
Context
Dynamic NAT associated with VPNs applies to the scenario where multiple intranet hosts with the same IP address access a server on the public network at the same time. This method can be implemented in address pool and Easy IP modes.
Static NAT associated with VPNs applies to the scenario where multiple intranet servers with the same IP address provide services for hosts on the public network. This method can be implemented in NAT static and NAT server modes.
Procedure
- Run system-view
The system view is displayed.
- Configure dynamic NAT associated with VPNs in address pool or Easy IP mode.
To configure dynamic NAT associated with VPNs, you need to configure an ACL, create the mapping between a private IP address and a VPN to which the private IP address belongs in the ACL, and apply the ACL to dynamic NAT.
  - Run acl [ number ] acl-number [ match-order { auto | config } ]
  An ACL with the specified number is created and the ACL view is displayed.
  If acl-number is in the range from 2000 to 2999, the ACL is a basic ACL. If acl-number is in the range from 3000 to 3999, the ACL is an advanced ACL.
  - Run rule [ rule-id ] { deny | permit } [ source { source-address source-wildcard | any } | vpn-instance vpn-instance-name | [ fragment | none-first-fragment ] | logging | time-range time-name ] * in the basic ACL view
  Alternatively, run rule [ rule-id ] { deny | permit } ip [ destination { destination-address destination-wildcard | any } | source { source-address source-wildcard | any } | logging | time-range time-name | vpn-instance vpn-instance-name | [ dscp dscp | [ tos tos | precedence precedence ] * ] | [ fragment | none-first-fragment ] | vni vni-id ] * in the advanced ACL view
  A basic ACL or an advanced ACL is configured, and the mapping between a private IP address and the VPN that the address belongs to is created.
  - Apply the ACL with VPN information to dynamic NAT in address pool or Easy IP mode. For details, see the configuration of dynamic NAT in address pool and Easy IP modes in Configuring Intranet Hosts to Access Public Networks.
- Configure static NAT associated with VPNs in NAT static and NAT server modes. During configuration, in addition to creating static NAT mappings between public IP addresses + port numbers and private IP addresses + port numbers, add information about the VPNs to which private IP addresses belong.
  - Add VPN information when configuring NAT static associated with VPNs. For details, see the configuration of NAT static in the interface view and system view in Configuring Extranet Hosts to Access Intranet Servers.
  - Add VPN information when configuring NAT server associated with VPNs. For details, see NAT server configuration in Configuring Extranet Hosts to Access Intranet Servers.
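A check that can be run over a saved configuration before the ACL is applied to dynamic NAT, given here as an added example that is not part of the original documentation or any vendor tooling: it parses ACL rules written in the rule syntax shown above and reports permit rules in the same ACL whose source ranges overlap without being separated by different vpn-instance names. The ACL numbers, addresses and VPN names in the sample are constructed, and treating such pairs as worth review is this example's assumption.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample configuration: ACL numbers, addresses and VPN names are hypothetical.
SAMPLE = """\
acl number 2000
 rule 5 permit source 10.1.1.0 0.0.0.255 vpn-instance vpn_a
 rule 10 permit source 10.1.1.0 0.0.0.255 vpn-instance vpn_b
acl number 2001
 rule 5 permit source 10.1.1.0 0.0.0.255 vpn-instance vpn_a
 rule 10 permit source 10.1.1.128 0.0.0.127
"""

def to_network(addr, wildcard):
    """Convert an address and a contiguous wildcard (inverse mask) to a network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # set bits must form one run at the low end
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    base = int(ipaddress.IPv4Address(addr)) & ~wc & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, 32 - wc.bit_length()))

def parse_acls(config):
    """Map ACL number -> list of (rule id, source network, VPN name or None)."""
    acls, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        head = re.match(r"acl\s+(?:number\s+)?(\d+)", line)
        rule = re.match(r"rule\s+(?:(\d+)\s+)?permit\b", line)  # permit rules only
        src = re.search(r"\bsource\s+(any|\S+\s+\S+)", line)
        vpn = re.search(r"\bvpn-instance\s+(\S+)", line)
        if head:
            current = acls.setdefault(int(head.group(1)), [])
        elif rule and src and current is not None:
            parts = src.group(1).split()
            net = to_network(*parts) if len(parts) == 2 else ipaddress.IPv4Network("0.0.0.0/0")
            current.append((rule.group(1), net, vpn.group(1) if vpn else None))
    return acls

def ambiguous_rules(config):
    """Return (acl, rule id, rule id) where overlapping sources share or lack a VPN."""
    findings = []
    for acl, rules in parse_acls(config).items():
        for (id1, n1, v1), (id2, n2, v2) in combinations(rules, 2):
            if n1.overlaps(n2) and (v1 is None or v2 is None or v1 == v2):
                findings.append((acl, id1, id2))
    return findings

if __name__ == "__main__":
    for acl, a, b in ambiguous_rules(SAMPLE):
        print(f"acl {acl}: rules {a} and {b} overlap and are not separated by vpn-instance")
```

In the sample, ACL 2000 passes because the two identical source ranges are bound to different VPN instances, while ACL 2001 is reported because rule 10 overlaps rule 5 and names no VPN.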