Support for special protocols, Nat support for mpls vpns, Configuration restrictions and guidelines – H3C Technologies H3C S12500 Series Switches User Manual

Page 111: Nat configuration task list

Support for special protocols

In addition to basic address translation, NAT provides an application layer gateway (ALG) mechanism that supports some special application protocols without requiring the NAT platform to be modified, which makes it highly scalable. The messages of such protocols can contain IP addresses or port numbers that also need address translation.

The special protocols that NAT supports include: File Transfer Protocol (FTP), Internet Control Message Protocol (ICMP), Domain Name System (DNS), Internet Locator Service (ILS), H.323, Session Initiation Protocol (SIP), NetMeeting 3.01, and NetBIOS over TCP/IP (NBT).

NAT support for MPLS VPNs

NAT allows users from different MPLS VPNs to access external networks through the same outbound interface, and allows the VPN users to use the same private address space.

1. Upon receiving a request from an MPLS VPN to an external network, NAT replaces the private source IP address and port number with a public IP address and port number, and records the MPLS VPN information, such as the protocol type and route distinguisher (RD).

2. When the response packet arrives, NAT replaces the public destination IP address and port number with the internal IP address and port number, and sends the packet to the target MPLS VPN.

Both NAT and NAPT support MPLS VPNs.

This feature can also apply to internal servers so that external users can access an internal host of an MPLS VPN. For example, suppose a host in MPLS VPN 1 needs to provide web services for the Internet. It has a private address of 10.110.1.1. To achieve this purpose, configure NAT to use 202.110.10.20 as the public IP address of the host so that the Internet users can use this IP address to access web services on the host.

NAT allows hosts in multiple MPLS VPNs to access each other by using the MPLS VPN information carried in the external IP address.

Configuration restrictions and guidelines

If the NAT configuration (address translation or internal server configuration) on an interface is changed, H3C recommends that you save the configuration and reboot the switch (or use the reset nat session command to manually clear the relevant NAT entries) to avoid problems. The following problems might occur: After you delete the NAT-related configuration, address translation can still work for sessions already created. If you configure NAT while NAT is running, the same configuration might produce different results depending on the order in which it is entered.

Make sure the IP address pools applied to the interfaces do not overlap.
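A toy model of the behaviour described in the two sections above, added here as an example and not taken from H3C's code: each session entry records its VPN, so overlapping private addresses stay separate, and entries created before a configuration is deleted keep translating until they are cleared. The class and method names, VPN names, port numbers, and the use of 202.110.10.20 as the outbound public address are assumptions made for the illustration.

```python
import itertools

class VpnAwareNapt:
    """Toy VPN-aware NAPT table (constructed model, not H3C's implementation)."""
    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self.enabled_vpns = set()  # VPNs that currently have NAT configured
        self.out = {}              # (vpn, priv_ip, priv_port) -> public port
        self.back = {}             # public port -> (vpn, priv_ip, priv_port)

    def configure(self, vpn):
        self.enabled_vpns.add(vpn)

    def unconfigure(self, vpn):
        # Deletes the configuration only; sessions already created survive.
        self.enabled_vpns.discard(vpn)

    def outbound(self, vpn, src_ip, src_port):
        key = (vpn, src_ip, src_port)
        if key not in self.out:
            if vpn not in self.enabled_vpns:
                return None        # no configuration and no session: no translation
            port = next(self._ports)
            self.out[key] = port
            self.back[port] = key
        return (self.public_ip, self.out[key])

    def inbound(self, dst_port):
        # Response packet: restore the private address and select the target VPN.
        return self.back.get(dst_port)

    def reset_sessions(self):  # models clearing NAT entries after a config change
        self.out.clear()
        self.back.clear()

def demo():
    nat = VpnAwareNapt("202.110.10.20")  # sample public address (constructed)
    nat.configure("vpn1")
    nat.configure("vpn2")
    a = nat.outbound("vpn1", "10.110.1.1", 5000)
    b = nat.outbound("vpn2", "10.110.1.1", 5000)  # same private tuple, other VPN
    replies = (nat.inbound(a[1]), nat.inbound(b[1]))
    nat.unconfigure("vpn1")
    stale = nat.outbound("vpn1", "10.110.1.1", 5000)  # session created earlier
    fresh = nat.outbound("vpn1", "10.110.1.1", 5001)  # new flow, no config
    nat.reset_sessions()
    cleared = nat.outbound("vpn1", "10.110.1.1", 5000)
    return a, b, replies, stale, fresh, cleared
```

In `demo()`, `stale` is still translated after the configuration for vpn1 is removed, while `fresh` and `cleared` are not, which is why clearing the NAT entries matters when a translation is withdrawn.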

NAT configuration task list

Task                                   Remarks

Configuring address translation:
  Configuring static NAT               Either is required.
  Configuring dynamic NAT

Configuring an internal server         Required.

Configuring DNS mapping                Optional.

Configuring NAT aging time             Optional.
