In this example, the CE router does not perform NAT. It sends both VPN and Internet traffic over the same interface to the PE router. The PE router is connected to a NAT device by means of two interfaces. One interface is configured in the PE router’s VRF table and points to a VPN interface on the NAT device, which can route Internet traffic for the VPN. The other interface is in a default instance; for example, part of public routing table inet.0. There can be a single physical connection between the PE router and the NAT device and multiple logical connections—one for each VRF table and another interface—as part of the global routing table (see Figure 40).
Figure 40: Internet Traffic Routed Through a Separate NAT Device
This example’s topology expands upon that illustrated in Figure 36. The CE router sends both VPN and Internet traffic to Router PE1. VPN traffic is routed based on the VPN routes received by Router PE1. Traffic for everything else is sent to the NAT device using Router PE1’s private interface to the NAT device, which then translates the private addresses and sends the traffic back to Router PE1 using that router’s public interface (see Figure 41).
Figure 41: Internet Traffic Routed Through a NAT Example Topology
The following sections show how to route Internet traffic through a separate NAT device:
 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |