Topology: internal users --------switch --NE20---------------external users
WEB server ----|
A company uses the external network interface eth3/0/0 of the NE20 to access the Internet. The company provides WWW services for external users, and the address 22.214.171.124/28 in the NAT pool is selected as the IP address of the company. The address of the external network interface and the address in the pool are not in the same network segment, so external users can use 126.96.36.199/28 to access the internal server, but internal users cannot use 188.8.131.52/28 to access the internal server.
Configure a static route (ip route 184.108.40.206 32 eth3/0/0) with a 32-bit mask and eth3/0/0 as the egress interface for 220.127.116.11/28. When internal users access 18.104.22.168/28 on the NE20, the data stream is sent out to the router on the external network according to this route (not the black hole route), and that router leads the stream back to the NE20 according to its return route for 22.214.171.124/28. The NE20 performs reverse NAT if it confirms, according to the source address, that the stream comes from the external network.
Since the address in the pool and the address of the external network interface are not in the same network segment, the original configuration of the NE20 contains a black hole route (ip route 126.96.36.199 28 null0) for the network segment of the pool, destined to null0. When internal users access 188.8.131.52/28, the NE20 selects the egress interface for the data stream according to the black hole route, namely null0. Therefore, the data packets from the private network are discarded.
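
The route selection described in the two paragraphs above, as an added example that is not part of the original case or of the NE20 software: a longest-prefix-match lookup showing why the 28-bit null0 route drops internal traffic and why the 32-bit host route overrides it. The addresses are constructed from documentation ranges, the default route is an assumption, and `lookup` and `forward` are hypothetical helper names; NAT itself is not modelled.

```python
import ipaddress

# Constructed addresses from documentation ranges, not the addresses in the case.
POOL = ipaddress.ip_network("203.0.113.0/28")         # NAT pool segment
SERVER_PUBLIC = ipaddress.ip_address("203.0.113.1")   # pool address used for the web server


def lookup(routes, dst):
    """Return the (prefix, egress) pair with the longest matching prefix, or None."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, egress) for net, egress in routes if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda route: route[0].prefixlen)


def forward(routes, dst):
    """Describe what the router does with a packet sent by an internal user."""
    hit = lookup(routes, dst)
    if hit is None:
        return "drop: no route"
    net, egress = hit
    if egress.lower() == "null0":
        return f"drop: black hole route {net}"
    return f"forward via {egress} using {net}"


# Original configuration: black hole route for the pool segment.
# The default route through eth3/0/0 is an assumption for illustration.
original = [
    (ipaddress.ip_network("0.0.0.0/0"), "eth3/0/0"),
    (POOL, "null0"),
]

# After the fix: a 32-bit host route for the server's pool address.
fixed = original + [(ipaddress.ip_network(f"{SERVER_PUBLIC}/32"), "eth3/0/0")]

if __name__ == "__main__":
    print("original:          ", forward(original, SERVER_PUBLIC))
    print("fixed:             ", forward(fixed, SERVER_PUBLIC))
    print("other pool address:", forward(fixed, "203.0.113.5"))
```

Only the server's address leaves through eth3/0/0 after the change; the remaining pool addresses still match the 28-bit route and are discarded at null0.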