1. Manuals
  2. Brands
  3. Juniper Manuals
  4. Software
  5. JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE...
  6. Configuration manual

Cross-Vrf Example - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual

Software for e series broadband services routers ip services configuration guide
Hide thumbs
Table of Contents

Advertisement

Cross-VRF Example

Copyright © 2010, Juniper Networks, Inc.
Create the access list for addresses eligible for dynamic translation.
5.
host1:blue(config)#access-list entAout permit 15.12.0.0 0.0.255.255
Create the dynamic translation rule for outbound traffic.
6.
host1:blue(config)#ip nat inside source list entAout pool entAoutpool
Create the address pool for outside source translations.
7.
Using an address range of 10.1.32.0/8 prevents any overlap with the private network
(15.12.0.0/16).
host1:blue(config)#ip nat pool entAinpool 10.1.32.1 10.1.32.255 prefix-length 16
NOTE: This pool is purposely small, allowing for only a few connections.
Configure the access list for global addresses that overlap with inside addresses.
8.
host1:blue(config)#access-list entAin permit 15.12.0.0 0.0.255.255
Create the dynamic translation rule for inbound traffic.
9.
host1:blue(config)#ip nat outside source list entAin pool entAinpool
Create one of the following:
10.
A route to the outside interface for inside hosts to access outside hosts that have
overlapping addresses.
host1:blue(config)#ip route 10.1.32.0 255.255.255.0 atm 3/0.1
NOTE: An inside host cannot directly access hosts on the outside
network that use addresses that overlap with the inside subnetwork.
However, by using outside source translation and DNS name resolution,
the NAT router can install translations so inside hosts can access these
outside hosts by using nonoverlapping addresses.
A default route to the outside interface.
host1:blue(config)#ip route 0.0.0.0 0.0.0.0 atm 3/0.1
Configure a null route for the inside global addresses to prevent routing loops when
11.
no matching translation exists.
host1:blue(config)#ip route 12.220.1.0 255.255.0.0 null 0
In MPLS VPN configurations, you might want to offer public Internet access to VPN
subscribers. MPLS VPNs are enabled through the use of VRFs. If a VPN is using a private
or overlapping address space, you can use NAT to enable access to the public network
because the NAT implementation is both VR and VRF aware. Figure 9 on page 82
illustrates how the subscriber interface feature of the router is used in conjunction with
NAT to connect the VPNs to the public network.
Chapter 2: Configuring NAT
81

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01

Related Content for Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01

This manual is also suitable for:

Junose 11.3

Table of Contents