
Bidirectional NAT Example

Figure 7 illustrates how outside hosts can initiate conversations with inside hosts through the use of a DNS server that resides on the inside network.

The inside realm uses basic NAT. The inside network uses a mix of private subnetwork address space (192.168.22/24) and registered public addresses.

Figure 7: Bidirectional NAT Example


To configure this example:

  1. Enter the correct virtual router context.
    host1(config)#virtual-router blue
  2. Mark the inside interface.
    host1:blue(config)#interface serial 1/1:1/1
    host1:blue(config-interface)#ip nat inside
    host1:blue(config-interface)#exit
  3. Mark the outside interface.
    host1:blue(config)#interface gigabitEthernet 3/0.1
    host1:blue(config-interface)#ip nat outside
    host1:blue(config-interface)#exit
  4. Create the translation for the DNS.
    host1:blue(config)#ip nat inside source static 192.168.22.2 192.32.6.1
  5. Create the address pool for dynamic translations.
    host1:blue(config)#ip nat pool entA192 192.32.6.2 192.32.6.63 prefix-length 24
  6. Create the access list for addresses eligible for dynamic translation (that is, private addresses).
    host1:blue(config)#access-list entA permit 192.168.22.0 0.0.0.255
  7. Create the dynamic translation rule.
    host1:blue(config)#ip nat inside source list entA pool entA192
  8. Configure a default route to the outside interface.
    host1:blue(config)#ip route 0.0.0.0 0.0.0.0 gigabitEthernet 3/0.1
  9. Configure a null route for the inside global addresses, to prevent routing loops when no matching translation exists.
    host1:blue(config)#ip route 192.32.6.0 255.255.255.192 null 0

    Note: The null route applies to 192.32.6.0 and 192.32.6.1, which do not exist in the address pool.
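
The following Python model is an added example, not part of the original documentation or the router's software. It replays the translation and routing decisions that the nine steps configure, and shows what the null route in step 9 changes for an unmatched inside global address. It assumes a simplified routing table holding only the default route and the null route, and the function names are hypothetical.

```python
import ipaddress as ip

# Values copied from the configuration steps above.
STATIC = {ip.ip_address("192.168.22.2"): ip.ip_address("192.32.6.1")}
POOL_FIRST, POOL_LAST = ip.ip_address("192.32.6.2"), ip.ip_address("192.32.6.63")
ACL_BASE, ACL_WILDCARD = ip.ip_address("192.168.22.0"), ip.ip_address("0.0.0.255")
NULL_ROUTE = ip.ip_network("192.32.6.0/255.255.255.192")


def acl_permits(addr):
    """Wildcard-mask match: bits set in the wildcard are ignored."""
    care = ~int(ACL_WILDCARD) & 0xFFFFFFFF
    return int(ip.ip_address(addr)) & care == int(ACL_BASE) & care


def translate_outbound(src, dynamic):
    """Return the inside global address for an inside local source.

    `dynamic` is the live inside-local -> inside-global table (a dict).
    """
    src = ip.ip_address(src)
    if src in STATIC:
        return STATIC[src]
    if not acl_permits(src):
        return src  # registered public address: not translated
    if src not in dynamic:
        used = set(dynamic.values())
        free = (ip.ip_address(a) for a in range(int(POOL_FIRST), int(POOL_LAST) + 1))
        dynamic[src] = next(a for a in free if a not in used)  # StopIteration if exhausted
    return dynamic[src]


def route_inbound(dst, dynamic, null_route=True):
    """Decide what happens to a packet from outside addressed to `dst`."""
    dst = ip.ip_address(dst)
    reverse = {g: l for l, g in {**STATIC, **dynamic}.items()}
    if dst in reverse:
        return f"translate to {reverse[dst]}"
    if null_route and dst in NULL_ROUTE:
        return "drop (null 0)"
    return "forward via default route (back outside)"


def null_route_only():
    """Addresses the null route covers that are not in the dynamic pool."""
    return [str(a) for a in NULL_ROUTE if not POOL_FIRST <= a <= POOL_LAST]
```

Calling `route_inbound` with `null_route=False` on an unused pool address shows the loop condition: the packet matches only the default route and is sent back out the outside interface.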

