R0106-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V7)

Destination IP/port: 202.38.1.3/1025
DS-Lite tunnel peer: -
VPN instance/VLAN ID/VLL ID: -/-/-
Protocol: TCP(6)
State: TCP_ESTABLISHED
Application: HTTP
Start time: 2012-08-15 14:53:29 TTL: 3597s
Interface(in) : GigabitEthernet2/1/2
Interface(out): GigabitEthernet2/1/1
Initiator->Responder: 7 packets 308 bytes
Responder->Initiator: 5 packets 312 bytes
Total sessions found: 1
NAT hairpin in C/S mode
Network requirements
As shown in Figure 60, the internal FTP server at 192.168.1.4/24 provides services for internal and
external users.
Configure NAT hairpin in C/S mode to allow external and internal users to access the internal FTP server.
Figure 60 Network diagram
Requirements analysis
This is a typical NAT hairpin application in C/S mode.
Configure NAT Server on the interface that connects the external network to make sure an external
host can access the internal FTP server by using a NAT address.
Enable NAT hairpin on the interface that connects the internal network to make sure internal hosts
can access the internal FTP server by using a NAT address. The destination address is translated by
matching the NAT Server configuration. The source address is translated by matching outbound
dynamic or static NAT configuration on the interface where NAT Server is configured. In this
example, the source address is translated by matching outbound dynamic NAT.
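The following Python model is an added illustration, not part of the HP guide or of Comware. It traces one hairpinned request and its reply through both translations described above, showing that the FTP server sees the translated source address rather than the real internal host. Only 192.168.1.4 and 192.168.1.0/24 come from the guide. The NAT address 203.0.113.2, the outbound address 203.0.113.1, the host 192.168.1.2, all ports, and the use of port translation are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# 192.168.1.4 and 192.168.1.0/24 are from the guide; the NAT address, the
# outbound address and all ports are constructed for illustration.
NAT_SERVER = {("203.0.113.2", 21): ("192.168.1.4", 21)}  # global -> inside
ACL_2000 = ip_network("192.168.1.0/24")   # sources eligible for outbound NAT
OUTBOUND_ADDR = "203.0.113.1"             # assumed outbound dynamic NAT address


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class HairpinNat:
    def __init__(self):
        self.sessions = {}      # (translated src, port) -> original 4-tuple
        self.next_port = 1024   # assumed port translation (PAT)

    def forward(self, pkt):
        """Internal host -> NAT address, arriving on the hairpin interface."""
        inside = NAT_SERVER.get((pkt.dst, pkt.dport))
        if inside is None:
            return None         # no NAT Server match: not a hairpin flow
        if ip_address(pkt.src) not in ACL_2000:
            # Model simplification: ACL miss leaves the source untranslated.
            return Packet(pkt.src, pkt.sport, *inside)
        self.next_port += 1
        key = (OUTBOUND_ADDR, self.next_port)
        self.sessions[key] = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        # Destination from NAT Server, source from outbound dynamic NAT.
        return Packet(key[0], key[1], inside[0], inside[1])

    def reverse(self, reply):
        """Server reply: restore both addresses from the session entry."""
        entry = self.sessions.get((reply.dst, reply.dport))
        if entry is None:
            return None
        host, hport, nat_addr, nat_port = entry
        return Packet(nat_addr, nat_port, host, hport)


def demo():
    nat = HairpinNat()
    request = Packet("192.168.1.2", 40000, "203.0.113.2", 21)
    to_server = nat.forward(request)
    from_server = Packet(to_server.dst, to_server.dport, to_server.src, to_server.sport)
    return to_server, nat.reverse(from_server)
```

Because the server logs the translated source, attributing an internal client's FTP session requires correlating the server log with the router's NAT session table.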
Configuration procedure
# Specify IP addresses for the interfaces. (Details not shown.)
# Configure ACL 2000, and create a rule to permit packets only from segment 192.168.1.0/24 to be
translated.