Bidirectional Nat; Twice Nat; Network And Address Terms - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual


JunosE 11.3.x IP Services Configuration Guide

Bidirectional NAT

Twice NAT

Network and Address Terms

addresses and transport identifiers, to make efficient use of globally registered IP addresses.

Similar to basic NAT, for outbound packets NAPT translates the source IP address, source transport identifier, and related checksum fields. For inbound packets NAPT translates the destination IP address, destination transport identifier, and checksum fields.

Bidirectional (or two-way) NAT adds support to basic NAT for the Domain Name System (DNS) so public hosts can initiate sessions into the private network, usually to reach servers intended for public access.

When an outside host attempts to resolve the name of an inside host on a private network, the NAT router intercepts the DNS reply and installs an address translation to allow the outside host to reach the inside host by using a public address. When the outside host initiates a connection with the inside host on the private network, the NAT router translates that public destination address to the private address of the inside host and, on the return path, replaces the source address with the advertised public address.

You might need to perform some additional configuration to allow public access from the Internet to a DNS server that resides in the private domain. (See "Bidirectional NAT Example" on page 78.)

The same address space requirements and routing restrictions apply to bidirectional NAT that were described for traditional NAT. The difference between these two methods is that the DNS exchange might create entries within the translation table.

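
The Python sketch below is an added example, not part of the Juniper guide and not JunosE code. It models the bidirectional NAT sequence described above: the DNS reply installs the translation, the inbound destination is translated, and the return-path source is replaced. The class and method names, the sample addresses, and the behaviour when the address pool is empty are assumptions made for illustration.

```python
import ipaddress

class BidirectionalNat:
    """Toy model of the DNS-driven translation described above; not JunosE code."""

    def __init__(self, inside_net, global_pool):
        self.inside_net = ipaddress.ip_network(inside_net)
        self.free = [ipaddress.ip_address(a) for a in global_pool]
        self.local_to_global = {}  # inside host's private address -> public address
        self.global_to_local = {}  # reverse lookup used for inbound packets

    def _bind(self, local):
        # Reuse an existing entry; otherwise take the next free public address.
        if local in self.local_to_global:
            return self.local_to_global[local]
        if not self.free:
            return None  # pool exhausted: nothing is installed
        glob = self.free.pop(0)
        self.local_to_global[local] = glob
        self.global_to_local[glob] = local
        return glob

    def dns_reply_outbound(self, name, a_record):
        """DNS reply heading to an outside host: rewrite the answer, install the entry."""
        local = ipaddress.ip_address(a_record)
        if local not in self.inside_net:
            return (name, str(local))  # not an inside host: pass unchanged
        glob = self._bind(local)
        # Assumption of this model: with no binding, the reply is withheld (None)
        # rather than handing the private address to the outside host.
        return None if glob is None else (name, str(glob))

    def inbound(self, src, dst):
        """Outside-initiated packet: public destination -> private address."""
        local = self.global_to_local.get(ipaddress.ip_address(dst))
        return None if local is None else (src, str(local))

    def outbound(self, src, dst):
        """Return path: private source -> the advertised public address."""
        glob = self.local_to_global.get(ipaddress.ip_address(src))
        return None if glob is None else (str(glob), dst)

def demo():
    # Constructed sample addresses (RFC 1918 and documentation ranges).
    nat = BidirectionalNat("10.1.1.0/24", ["203.0.113.10"])
    reply = nat.dns_reply_outbound("www.example.com", "10.1.1.5")
    fwd = nat.inbound("198.51.100.7", reply[1])
    back = nat.outbound(fwd[1], "198.51.100.7")
    return reply, fwd, back
```

In this model every inside host named in a DNS reply consumes one pool address, so the translation table grows with DNS traffic as well as with packet flows.
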
In twice NAT, both the source and destination addresses are subject to translation as packets traverse the NAT router in either direction. For example, you would use twice NAT if you are connecting two networks in which all or some addresses in one network overlap addresses in another network, whether the network is private or public.

The NAT implementation defines an address realm as either inside or outside, with the router that is running NAT acting as the defining boundary between the two realms.

From a NAT perspective, an inside network is the local portion of a network that uses private, not publicly routable IP addresses that you want to translate. An outside network is the public portion of a network that uses legitimate, publicly routable IP addresses to which you want private hosts to connect.

The addresses that are translated by NAT between address realms are labeled as inside or outside, and as local or global. When reading the terms in the following sections, keep the following definitions in mind:

The terms inside and outside refer to the host that the address is associated with.

The terms local and global refer to the network on which the address appears.

Copyright © 2010, Juniper Networks, Inc.
