Cross-VRF Example
Copyright © 2010, Juniper Networks, Inc.
5. Create the access list for addresses eligible for dynamic translation.
host1:blue(config)#access-list entAout permit 15.12.0.0 0.0.255.255
6. Create the dynamic translation rule for outbound traffic.
host1:blue(config)#ip nat inside source list entAout pool entAoutpool
7. Create the address pool for outside source translations.
Using an address range of 10.1.32.0/8 prevents any overlap with the private network (15.12.0.0/16).
host1:blue(config)#ip nat pool entAinpool 10.1.32.1 10.1.32.255 prefix-length 16
NOTE: This pool is purposely small, allowing for only a few connections.
8. Configure the access list for global addresses that overlap with inside addresses.
host1:blue(config)#access-list entAin permit 15.12.0.0 0.0.255.255
9. Create the dynamic translation rule for inbound traffic.
host1:blue(config)#ip nat outside source list entAin pool entAinpool
10. Create one of the following:
• A route to the outside interface for inside hosts to access outside hosts that have overlapping addresses.
host1:blue(config)#ip route 10.1.32.0 255.255.255.0 atm 3/0.1
NOTE: An inside host cannot directly access hosts on the outside network that use addresses that overlap with the inside subnetwork. However, by using outside source translation and DNS name resolution, the NAT router can install translations so inside hosts can access these outside hosts by using nonoverlapping addresses.
• A default route to the outside interface.
host1:blue(config)#ip route 0.0.0.0 0.0.0.0 atm 3/0.1
11. Configure a null route for the inside global addresses to prevent routing loops when no matching translation exists.
host1:blue(config)#ip route 12.220.1.0 255.255.0.0 null 0
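The following Python check is an added example, not part of the Juniper manual. It parses the commands from steps 5 through 9 and verifies the non-overlap claim in step 7, along with whether each dynamic rule's access list and pool are defined. The names parse and audit are hypothetical, and entAoutpool is reported because it is not created in the steps shown on this page.

```python
import ipaddress
import re

# Steps 5-9 as shown above (entAoutpool is not created in these steps).
CONFIG = """\
access-list entAout permit 15.12.0.0 0.0.255.255
ip nat inside source list entAout pool entAoutpool
ip nat pool entAinpool 10.1.32.1 10.1.32.255 prefix-length 16
access-list entAin permit 15.12.0.0 0.0.255.255
ip nat outside source list entAin pool entAinpool
"""

ACL_RE = re.compile(r"access-list (\S+) permit (\S+) (\S+)")
POOL_RE = re.compile(r"ip nat pool (\S+) (\S+) (\S+) prefix-length \d+")
RULE_RE = re.compile(r"ip nat (inside|outside) source list (\S+) pool (\S+)")

def parse(config):
    """Collect access lists, pools and dynamic rules from the command lines."""
    acls, pools, rules = {}, {}, []
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.fullmatch(line):
            name, addr, wildcard = m.groups()
            # ipaddress accepts a contiguous wildcard (host) mask after the slash.
            net = ipaddress.ip_network(f"{addr}/{wildcard}", strict=False)
            acls.setdefault(name, []).append(net)
        elif m := POOL_RE.fullmatch(line):
            name, first, last = m.groups()
            pools[name] = (ipaddress.ip_address(first), ipaddress.ip_address(last))
        elif m := RULE_RE.fullmatch(line):
            rules.append(m.groups())
    return acls, pools, rules

def audit(config):
    """Return findings: dangling references and pool/access-list overlap."""
    acls, pools, rules = parse(config)
    findings = []
    for direction, acl, pool in rules:
        if acl not in acls:
            findings.append(f"{direction}: access list {acl} is not defined")
        if pool not in pools:
            findings.append(f"{direction}: pool {pool} is not defined")
            continue
        first, last = pools[pool]
        for net in acls.get(acl, []):
            # Two ranges intersect when each starts before the other ends.
            if first <= net.broadcast_address and last >= net.network_address:
                findings.append(f"{direction}: pool {pool} overlaps {net}")
    return findings
```

Calling audit(CONFIG) returns a list of finding strings; an empty list means every rule resolves and no pool intersects the addresses its access list selects.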
In MPLS VPN configurations, you might want to offer public Internet access to VPN
subscribers. MPLS VPNs are enabled through the use of VRFs. If a VPN is using a private
or overlapping address space, you can use NAT to enable access to the public network
because the NAT implementation is both VR and VRF aware. Figure 9 on page 82
illustrates how the subscriber interface feature of the router is used in conjunction with
NAT to connect the VPNs to the public network.
Chapter 2: Configuring NAT