addresses and transport identifiers, to make efficient use of globally registered IP
addresses.
Similar to basic NAT, for outbound packets NAPT translates the source IP address, source
transport identifier, and related checksum fields. For inbound packets NAPT translates
the destination IP address, destination transport identifier, and checksum fields.
Bidirectional NAT
Bidirectional (or two-way) NAT adds support to basic NAT for the Domain Name System
(DNS) so public hosts can initiate sessions into the private network, usually to reach
servers intended for public access.
When an outside host attempts to resolve the name of an inside host on a private network,
the NAT router intercepts the DNS reply and installs an address translation to allow the
outside host to reach the inside host by using a public address. When the outside host
initiates a connection with the inside host on the private network, the NAT router translates
that public destination address to the private address of the inside host and, on the return
path, replaces the source address with the advertised public address.
You might need to perform some additional configuration to allow public access from
the Internet to a DNS server that resides in the private domain. (See “Bidirectional NAT
Example” on page 78.)
The same address space requirements and routing restrictions apply to bidirectional
NAT that were described for traditional NAT. The difference between these two methods
is that the DNS exchange might create entries within the translation table.
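The DNS-triggered translation described above can be modeled in a few lines. This is an added example, not taken from the guide and not JunosE code; the class and method names are hypothetical, and the addresses are constructed samples from the RFC 1918 and RFC 5737 documentation ranges.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class BidirectionalNat:
    """Toy model of a NAT router that installs translations from DNS replies."""
    pool: list                                     # free public addresses
    inside_net: ipaddress.IPv4Network              # private realm behind the router
    to_local: dict = field(default_factory=dict)   # public -> private
    to_global: dict = field(default_factory=dict)  # private -> public

    def on_dns_reply(self, a_record: str) -> str:
        """Intercept a DNS reply leaving the inside realm and rewrite its A record."""
        if ipaddress.ip_address(a_record) not in self.inside_net:
            return a_record                        # not an inside host: pass through
        if a_record not in self.to_global:         # install the translation once
            if not self.pool:
                raise RuntimeError("public address pool exhausted")
            public = self.pool.pop(0)
            self.to_global[a_record] = public
            self.to_local[public] = a_record
        return self.to_global[a_record]

    def inbound(self, src: str, dst: str):
        """Outside -> inside: translate the destination, or drop (None) if no entry."""
        local = self.to_local.get(dst)
        return (src, local) if local else None

    def outbound(self, src: str, dst: str):
        """Return path: replace the source with the advertised public address.
        Sources without an entry are left untranslated in this model."""
        return (self.to_global.get(src, src), dst)

def demo():
    # Constructed sample addresses; nothing here comes from a real network.
    nat = BidirectionalNat(pool=["203.0.113.10", "203.0.113.11"],
                           inside_net=ipaddress.ip_network("10.1.1.0/24"))
    before = nat.inbound("198.51.100.7", "203.0.113.10")  # no DNS exchange yet
    advertised = nat.on_dns_reply("10.1.1.5")             # outside host resolves the name
    after = nat.inbound("198.51.100.7", advertised)       # session initiated from outside
    reply = nat.outbound("10.1.1.5", "198.51.100.7")      # return traffic
    return before, advertised, after, reply

if __name__ == "__main__":
    print(demo())
```

In this model the inbound packet is dropped until the DNS reply has been intercepted, which is the point to keep in mind when reviewing which inside names are resolvable from outside.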
Twice NAT
In twice NAT, both the source and destination addresses are subject to translation as
packets traverse the NAT router in either direction. For example, you would use twice
NAT if you are connecting two networks in which all or some addresses in one network
overlap addresses in another network, whether the network is private or public.
Network and Address Terms
The NAT implementation defines an address realm as either inside or outside, with the
router that is running NAT acting as the defining boundary between the two realms.
From a NAT perspective, an inside network is the local portion of a network that uses
private, not publicly routable IP addresses that you want to translate. An outside network
is the public portion of a network that uses legitimate, publicly routable IP addresses to
which you want private hosts to connect.
The addresses that are translated by NAT between address realms are labeled as inside
or outside, and as local or global. When reading the terms in the following sections, keep
the following definitions in mind:
• The terms inside and outside refer to the host that the address is associated with.
• The terms local and global refer to the network on which the address appears.
Copyright © 2010, Juniper Networks, Inc.
64
JunosE 11.2.x IP Services Configuration Guide