The mapping indicates that one overlapping address pool maps one temporary address pool. The
translation rules are as follows:
Temporary address = Start IP address in the temporary address pool + (Overlapping IP address
- Start IP address in the overlapping address pool)
Overlapping address = Start IP address in the overlapping address pool + (Temporary IP address
- Start IP address in the temporary address pool)
When PC2 on the private network accesses PC3 on the public network using the domain name,
packets are processed as follows:
1. PC2 sends a DNS request for resolving the domain name www.web.com of the web server.
After the DNS server resolves the DNS request, the AR150/200 receives the response
packet from the DNS server. The AR150/200 resolves the address 10.0.0.1 in the payload
of the response packet and detects that the address is an overlapping address (it is in the
overlapping address pool). The AR150/200 translates the address 10.0.0.1 into the
temporary address 3.0.0.1, and translates the destination address of the response packet
using basic NAT. Then the AR150/200 sends the packet to PC2.
2. PC2 sends an access request packet with the temporary address 3.0.0.1 corresponding to
www.web.com to access the public network. When the packet reaches the AR150/200, the
AR150/200 translates the source address of the packet using basic NAT and then translates
the destination address (temporary address) to the overlapping address 10.0.0.1.
3. The AR150/200 sends the packet to the WAN-side outbound interface. The packet is then
forwarded to PC3 hop by hop.
4. When the packet sent from PC3 to PC2 reaches the AR150/200, the AR150/200 checks the
source address 10.0.0.1, which is the overlapping address (it is in the overlapping address
pool). The AR150/200 translates the source address to the temporary address 3.0.0.1, and
translates the destination address using basic NAT. Then the AR150/200 sends it to PC2.
Source Address Associated with the VPN Before NAT Is Performed
The NAT-enabled AR150/200 allows users on private networks to access the public network
and allows users in different VPNs to access the public network through the same egress. In
addition, users in the VPNs with the same IP address can access the public network.
NAT Server Associated with VPNs
The NAT-enabled AR150/200 supports association between VPNs and NAT server, and allows
users on the public network to access hosts in the VPNs. This function is applicable when IP
addresses of multiple VPNs overlap.
5.3 Configuring NAT
To implement communication between the private network and the public network through
NAT, use Easy IP for a single user and an address pool for multiple users.
5.3.1 Establishing the Configuration Task
Before configuring NAT, familiarize yourself with the applicable environment, complete the
pre-configuration tasks, and obtain the required data.
Huawei AR150&200 Series Enterprise Routers
Configuration Guide - IP Service 5 NAT Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
109
To Next Page
Loading...
