175
Protocol: TCP(6)
Inbound interface: GigabitEthernet2/0/2
Responder:
Source IP/port: 192.168.1.2/8080
Destination IP/port: 202.38.1.3/1025
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: TCP(6)
Inbound interface: GigabitEthernet2/0/1
State: TCP_ESTABLISHED
Application: HTTP
Start time: 2012-08-15 14:53:29 TTL: 3597s
Initiator->Responder: 7 packets 308 bytes
Responder->Initiator: 5 packets 312 bytes
Total sessions found: 1
NAT hairpin in C/S mode configuration example
Network requirements
As shown in Figure 70, the internal FTP server at 192.168.1.4/24 provides services for internal and
external users. The private network uses two public IP addresses 202.38.1.1 and 202.38.1.2.
Configure NAT hairpin in C/S mode to allow external and internal users to access the internal FTP
server by using public IP address 202.38.1.2.
Figure 70 Network diagram
Requirements analysis
To allow external hosts to access the internal FTP server by using a public IP address, configure NAT
Server on the interface connected to the external network.
To allow internal hosts to access the internal FTP server by using a public IP address, perform the
following tasks:
• Enable NAT hairpin on the interface connected to the internal network.
• Configure outbound NAT on the interface where NAT Server is configured. The destination
address is translated by matching the NAT Server. The source address is translated by
matching the outbound NAT.
Internet
Host B
192.168.1.3/24
192.168.1.2/24
Host A
GE2/0/1
192.168.1.1/24
GE2/0/2
202.38.1.1/24
Router
FTP server
192.168.1.4/24
To Next Page
Loading...
Need help?
General
