115
Figure 50
NAT Server operation
1.
The host in the public network sends a packet destined for the public IP address and port number
of the server in the private network.
2.
When the NAT device receives the packet, it matches the destination address and port number
against the NAT Server mapping. If a match is found, NAT translates the destination address and
port number in the packet to the private IP address and port number of the internal server.
3.
Upon receiving a response packet from the internal server, the NAT device translates the source
private IP address and port number of the packet into the public IP address and port number of the
internal server.
NAT hairpin
NAT hairpin allows internal hosts behind the same NAT device to access each other only after they uses
the NAT addresses. NAT hairpin functions on the interface that connects the internal network and
translates the source and destination IP addresses of a packet on the interface. NAT hairpin can be in
P2P or C/S mode, depending on the scenarios.
P2P
The P2P mode applies to the scenario where users in the internal network can see each other only by
using NAT addresses. In this mode, you must configure outbound PAT on the interface that connects the
external network and enable the EIM mapping behavior mode.
Internal hosts first register their NAT addresses to an external server. Then, the hosts communicate with
each other by using the registered IP addresses.
C/S
NAT hairpin occurs when internal users access internal servers only by using NAT addresses.
The destination IP address of the packet going to the internal server is translated by matching the NAT
Server configurations, and the source IP address is translated by matching the outbound dynamic or
static NAT entries.
192.168.1.3
192.168.1.1
20.1.1.1
20.1.1.2
NAT
Intranet
Internet
Host
Server
Dst : 20.1.1.1:8080
Dst : 192.168.1.3:8080
Src : 192.168.1.3:8080
Src : 20.1.1.1:8080
Before NAT
20.1.1.1:8080
After NAT
192.168.1.3:8080
Direction
Inbound
Summary of Contents for MSR 2600 Series
Page 6: ...We appreciate your comments...
Page 33: ...18 AC vlan1 quit...
Page 118: ...103...