Topology: users --------switch --NE20---------------internetl users
WEB server ----|
A company uses the external network interface eth3/0/0 of NE20 to access Internet. The company provides WWW services for external users, and the address x.x.160.101/28 in nat pool is selected as the IP address of the company. The address of external network interface and the one in pool are not in the same network segment, so the internet users can use x.x.160.101/28 to access the internal server, but the users under NE20 cannot use x.x.160.101/28 to access the internal server.
Configure a static route (ip route x.x.160.101 32 eth3/0/0) with 32-ask and eth3/0/0 as egress interface for x.x.160.101/28. When users access x.x.160.101/28 of NE20, the data stream will be exported to the router on external network according to the route (not black hole route), and the router will lead the stream to NE20 according to the return route of x.x.160.101/28. NE20 will perform reverse NAT if NE20 confirms the stream comes from external network according to source address.
Since the address in pool and the one of external network interface are not in the same network segment, a black hole route (ip route x.x.160.96 28 null0) is configured in the original configurations of NE20 for the network segment of pool, and it is destined to null0. When users access x.x.160.101/28, NE20 will select egress interface for the data stream according to the black hole route, viz. null0. Therefore, the data packets from private network will be discarded.