R3303-HP HSR6800 Routers Layer 3 - IP Services Configuration Guide
98
Easy IP
Easy IP uses the public IP address of an interface on the device as the translated source address to save
IP address resources, and uses ACLs to permit only certain internal IP addresses to be NATed.
Support for special protocols
Apart from the basic address translation function, NAT also provides an application layer gateway (ALG)
mechanism that supports some special application protocols without requiring the NAT platform to be
modified. This allows for high scalability. The IP addresses or port numbers contained in such protocol
messages need address translation.
The special protocols that NAT supports include FTP, PPTP, ICMP, DNS, ILS, RTSP, H.323, SIP, Netmeeting
3.01, and NBT.
NAT support for MPLS VPNs
NAT allows users from different MPLS VPNs to access external networks through the same outbound
interface, and allows the VPN users to use the same private address space.
1. Upon receiving a request from an MPLS VPN to an external network, NAT replaces the private
source IP address and port number with a public IP address and port number, and records the
MPLS VPN information, such as the protocol type and router distinguisher (RD).
2. When the response packet arrives, NAT replaces the public destination IP address and port
number with the internal IP address and port number, and sends the packet to the target MPLS
VPN.
This feature can also apply to internal servers so that external users can access an internal host of an
MPLS VPN. For example, suppose a host in MPLS VPN 1 needs to provide Web services for the Internet.
It has a private address of 10.110.1.1. To achieve this purpose, configure NAT to use 202.110.10.20 as the
public IP address of the host so that the Internet users can use this IP address to access Web services on
the host.
NAT allows hosts in multiple MPLS VPNs to access each other by using the MPLS VPN information
carried in the external IP address.
NAT configuration task list
Task Remarks
Configuring address translation
Configuring static NAT
Either is required.
Configuring dynamic NAT
Configuring an internal server Required.
Configuring DNS mapping Optional.
Setting NAT connection limits Optional.
If the NAT configuration (address translation or internal server configuration) on an interface is changed,
use the reset session command to manually clear the relevant NAT entries to avoid the following
problems:
• After you delete the NAT-related configuration, address translation can still work for sessions
already created.