Table of Contents
Advertisement
JunosE 11.3.x IP Services Configuration Guide
Twice NAT Example
80
Twice NAT is often useful when the inside network is using a nonprivate address space
(unregistered usage of global address space) and you want it to connect to the public
network. Inside local addresses need to be translated to legal global addresses. Legal
addresses from the outside that overlap those used on the inside network need to be
translated to unused and recognizable addresses in the inside network. Both inside source
and outside source translations must be configured on the NAT router.
Figure 8 on page 80 illustrates how the inside network is using the unregistered global
address space of 15.12.0.0/16. Outside hosts whose addresses overlap with this
subnetwork that want to access the inside network need their global addresses translated.
Figure 8: Twice NAT Example
To configure this example:
Enter the correct virtual router context.
1.
host1(config)#virtual-router blue
Mark the inside interface.
2.
host1:blue(config)#interface fast-ethernet 6/1
host1:blue(config-interface)#ip nat inside
host1:blue(config-interface)#exit
Mark the outside Interface.
3.
host1:blue(config)#interface atm 3/0.20
host1:blue(config-interface)#ip nat outside
host1:blue(config-interface)#exit
Create the address pool for inside source translations.
4.
host1:blue(config)#ip nat pool entAoutpool 12.220.1.0 12.220.255.255 prefix-length
16
NOTE: This pool is purposely smaller than the size of the company network
because not all private hosts are likely to access the public network at the
same time.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
