139
Figure 57
Network diagram
Configuration considerations
This is a typical application of bidirectional NAT.
•
To make sure the external host to access the internal Web server by using its domain name,
configure NAT Server so that the external host can access the internal DNS server to obtain the IP
address of the Web server.
•
The IP address of the Web server overlaps with the external host and is included in the response sent
by the internal DNS server to the external host. To make sure the external host reaches the Web
server, configure outbound dynamic NAT with ALG and DNS mapping so that NAT can translate
the Web server's address in the payload to a dynamically assigned NAT address.
•
The external host uses the NAT address as the destination address. When a packet from the external
host arrives at the NAT device, the source IP address overlaps with the real address of the Web
server. Configure inbound dynamic NAT to translate the source IP address to a dynamically
assigned NAT address.
•
The NAT device has no route to the NAT address of the external host. Add a static route to the NAT
address with GigabitEthernet 1/2 as the output interface.
Configuration procedure
# Specify IP addresses for the interfaces. (Details not shown.)
# Enable NAT with ALG and DNS.
<Router> system-view
[Router] nat alg dns
# Configure ACL 2000, and create a rule to permit packets only from segment 192.168.1.0/24 to pass
through.
[Router] acl number 2000
[Router-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[Router-acl-basic-2000] quit
# Create address group 1.
[Router] nat address-group 1
# Add address 202.38.1.2 to the address group.
[Router-nat-address-group-1] address 202.38.1.2 202.38.1.2
[Router-nat-address-group-1] quit
# Create address group 2.
[Router] nat address-group 2
Summary of Contents for MSR 2600 Series
Page 6: ...We appreciate your comments...
Page 33: ...18 AC vlan1 quit...
Page 118: ...103...