Inbound interface: GigabitEthernet2/0/1
State: TCP_ESTABLISHED
Application: FTP
Start time: 2012-08-15 14:53:29 TTL: 3597s
Initiator->Responder: 7 packets 308 bytes
Responder->Initiator: 5 packets 312 bytes
Total sessions found: 1
NAT hairpin in P2P mode configuration example
Network requirements
In the P2P application, internal clients must register their IP addresses with the external server, and
the server records the registered IP addresses and port numbers of the internal clients. An internal
client must request the IP address and port number of another client from the external server before
accessing that client.
Configure NAT hairpin so that:
• The internal clients can register the same public address with the external server.
• The internal clients can access each other through the IP address and port number obtained
from the server.
Figure 71 Network diagram
Requirements analysis
To meet the network requirements, you must perform the following tasks:
• Configure outbound dynamic PAT on the interface connected to the external network, so the
internal clients can access the external server for registration.
• Configure the mapping behavior for PAT as Endpoint-Independent Mapping because the
registered IP address and port number must be reachable from any source address.
• Enable NAT hairpin on the interface connected to the internal network so that internal clients
can access each other through the public address.
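The following Python model is an added illustration, not Comware code and not part of the original manual; it shows why the tasks above pair Endpoint-Independent Mapping with NAT hairpin. The public address 203.0.113.1, the server 198.51.100.10:7000, the client addresses, port allocation starting at 1024, and the names Pat and demo are assumptions, and inbound filtering is modeled as following the mapping behavior.

```python
import ipaddress

INSIDE = ipaddress.ip_network("192.168.1.0/24")  # subnet permitted by ACL 2000
PUBLIC_IP = "203.0.113.1"                         # constructed public address
SERVER = ("198.51.100.10", 7000)                  # constructed registration server

class Pat:
    """Toy PAT table (hypothetical model of the behavior described above)."""
    def __init__(self, endpoint_independent):
        self.eim = endpoint_independent
        self.out = {}          # mapping key -> public port
        self.back = {}         # public port -> (inside endpoint, allowed remote)
        self.next_port = 1024

    def outbound(self, src, dst):
        """Translate an inside (ip, port) sending to dst into a public (ip, port)."""
        if ipaddress.ip_address(src[0]) not in INSIDE:
            return None                            # ACL does not match: not translated
        key = src if self.eim else (src, dst)      # EIM ignores the destination
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = (src, None if self.eim else dst)
            self.next_port += 1
        return (PUBLIC_IP, self.out[key])

    def inbound(self, remote, public_port):
        """Inside endpoint reached by a packet to PUBLIC_IP:public_port, or None."""
        entry = self.back.get(public_port)
        if entry is None:
            return None
        inside, allowed = entry
        return inside if allowed in (None, remote) else None

    def hairpin(self, src, public_dst):
        """Inside client sends to a peer's public mapping: translate source and destination."""
        if public_dst[0] != PUBLIC_IP:
            return None
        new_src = self.outbound(src, public_dst)
        new_dst = self.inbound(new_src, public_dst[1]) if new_src else None
        return (new_src, new_dst) if new_dst else None

def demo(eim):
    """Clients A and B register with the server, then A contacts B's registered address."""
    nat = Pat(eim)
    a, b = ("192.168.1.2", 5000), ("192.168.1.3", 5000)
    reg_a, reg_b = nat.outbound(a, SERVER), nat.outbound(b, SERVER)
    return reg_a, reg_b, nat.hairpin(a, reg_b)
```

With demo(True) the hairpinned packet reaches 192.168.1.3:5000 through the address B registered; with demo(False) the mapping B created toward the server does not accept the hairpinned source, so the result is None. The same property that makes the registered port reachable by peers also makes it reachable by any other source, which is worth accounting for in the interface's packet filtering.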
Configuration procedure
# Specify IP addresses for the interfaces on the router. (Details not shown.)
# Configure ACL 2000, and create a rule to permit packets only from subnet 192.168.1.0/24 to be
translated.
<Router> system-view
[Router] acl basic 2000
[Router-acl-ipv4-basic-2000] rule permit source 192.168.1.0 0.0.0.255