R0106-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V7)
NAT hairpin in P2P mode for access between internal users
Network requirements
In the P2P application, internal clients must register their IP addresses with the external server, and the
server records the registered IP addresses and port numbers of the internal clients. An internal client must
request the IP address and port number of another client from the external server before accessing that
client.
Configure NAT hairpin so that:
• The internal clients can register the same external address with the external server.
• The internal clients can access each other through the IP address and port number obtained from
the server.
Figure 61 Network diagram
Requirements analysis
This is a typical application of NAT hairpin in P2P mode.
• Configure outbound dynamic NAT on the interface that connects the external network so that the
source addresses of the clients are translated when they register their IP addresses with the external
server.
• Configure PAT in Endpoint-Independent Mapping mode. The translation of the clients'
addresses is endpoint-independent because the registered IP address and port number should be
accessible for any source address.
• Enable NAT hairpin on the interface that connects the internal network so that internal clients can
access each other through the external address.
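The following Python model is an added example, not part of the HP guide or of Comware; it shows how outbound PAT, Endpoint-Independent Mapping and NAT hairpin combine for two internal clients. The class name HairpinNat, the external address 203.0.113.1, the server address and all port numbers are constructed for illustration; only the 192.168.1.0/24 segment comes from this page.

```python
import ipaddress

class HairpinNat:
    """Simplified model of Easy IP PAT with EIM and NAT hairpin (constructed)."""

    def __init__(self, external_ip, inside_net, first_port=1024):
        self.external_ip = external_ip
        self.inside_net = ipaddress.ip_network(inside_net)  # plays the role of ACL 2000
        self.next_port = first_port
        self.out_map = {}  # (inside_ip, inside_port) -> external port
        self.in_map = {}   # external port -> (inside_ip, inside_port)

    def _map(self, ip, port):
        # EIM: the key ignores the destination, so one inside endpoint always
        # appears as the same external address and port to every peer.
        key = (ip, port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return self.external_ip, self.out_map[key]

    def outbound(self, src, dst):
        """Packet leaving through the external interface: translate the source."""
        if ipaddress.ip_address(src[0]) not in self.inside_net:
            return src, dst  # source not permitted by the ACL: left untranslated
        return self._map(*src), dst

    def hairpin(self, src, dst):
        """Packet arriving on the internal interface, addressed to the external IP."""
        if dst[0] != self.external_ip or dst[1] not in self.in_map:
            return None  # no mapping for that external port
        # Translate both ends: destination to the inside peer, source to the
        # sender's own mapping, so the peer's reply returns through the router.
        return self._map(*src), self.in_map[dst[1]]

def demo():
    nat = HairpinNat("203.0.113.1", "192.168.1.0/24")
    server = ("198.51.100.10", 5000)           # constructed external server
    a, b = ("192.168.1.2", 40000), ("192.168.1.3", 40000)
    reg_a, _ = nat.outbound(a, server)          # address A registers
    reg_b, _ = nat.outbound(b, server)          # address B registers
    # A connects to the endpoint that B registered with the server.
    return reg_a, reg_b, nat.hairpin(a, reg_b)
```

Both clients register the same external address with different ports, and the hairpinned packet reaches client B with client A's external mapping as its source.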
Configuration procedure
# Specify IP addresses for the interfaces. (Details not shown.)
# Configure ACL 2000, and create a rule to permit packets only from segment 192.168.1.0/24 to be
translated.
<Router> system-view
[Router] acl number 2000
[Router-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[Router-acl-basic-2000] quit
# Configure outbound dynamic PAT with Easy IP on interface GigabitEthernet 2/1/2. The IP address of
GigabitEthernet 2/1/2 is used as the NAT address for source address translation of packets sent from
the internal network to the external network.