MDS 05-6632A01, Rev. F MDS Orbit MCR/ECR Technical Manual 241
Static NAT
3.8.11
Understanding
Static NAT performs translation of a single public (external network) IP address, or entire subnet, to a
private (internal network) IP address or subnet. This can be used to make a private host on an internal
network accessible to hosts on the public/external network. This can also be used connect two networks
with overlapping address ranges. In particular, this is useful when connecting multiple remote sites with
same local addressing (e.g. 192.168.1.0/24) to the back-office network (e.g. 172.16.10/24) using IPsec
VPN.
Figure 3-164. Static NAT Example
The figure above shows a network that uses static NAT to prevent routing issues. Two internal subnets
maintain IPsec connections over their respective MCRs' cellular network connection to a VPN gateway
on a back-office network (172.16.1.0/24). Both subnets, which are located in separate sites, have the same
IP address schemes (192.168.1.0/24). Two networks with the same IP addresses would result in routing
issues, so each MCR is configured with static NAT so that the local internal subnet (192.168.1.0/24)
translates to a different external IP address block (local tunnel subnet) for site A and B.
Back office IPsec Configuration
Site-A IPsec Connection:
Local Tunnel Network = 172.16.1.0/24
Remote Tunnel Network = 10.10.1.0/24
Site-B IPsec Connection:
Local Tunnel Network = 172.16.1.0/24
Remote Tunnel Network = 10.10.2.0/24
Site-A IPsec Configuration:
Local Tunnel Network = 10.10.1.0/24
Remote Tunnel Network = 172.16.1.0/24
Static NAT: 10.10.1.0/24 -> 192.168.1.0/24
Site-B IPsec Configuration:
Local Network = 10.10.2.0/24
Remote Network = 172.16.1.0/24
Static NAT: 10.10.1.0/24 (local tunnel network is the external network) -> 192.168.1.0/24 (internal network)
To Next Page
Loading...
