Twice Nat Configuration Example - HP FlexNetwork MSR2003 Configuration Manual

Destination IP/port: 202.38.1.3/1
DS-Lite tunnel peer: -
VPN instance/VLAN ID/VLL ID: -/-/-
Protocol: UDP(17)
Inbound interface: GigabitEthernet2/0/1
Responder:
Source
Destination IP/port: 202.38.1.3/1024
DS-Lite tunnel peer: -
VPN instance/VLAN ID/VLL ID: -/-/-
Protocol: UDP(17)
Inbound interface: GigabitEthernet2/0/1
State: UDP_READY
Application: TFTP
Start time: 2012-08-15 15:53:36
Initiator->Responder:
Responder->Initiator:
Total sessions found: 1

Twice NAT configuration example

Network requirements
As shown in
Configure twice NAT so that Host A and Host B in different departments can access each other.
Figure 71 Network diagram
Requirements analysis
This is a typical application of twice NAT. Both the source and destination addresses of packets
between the two VPNs need to be translated. Configure static NAT on both interfaces connected to
the VPNs on the NAT device.
Configuration procedure
# Specify VPN instances and IP addresses for the interfaces on the router. (Details not shown.)
# Configure a static outbound NAT mapping between 192.168.1.2 in vpn 1 and 172.16.1.2 in vpn 2.
<Router> system-view
[Router] nat static outbound 192.168.1.2 vpn-instance vpn1 172.16.1.2 vpn-instance vpn2
# Configure a static outbound NAT mapping between 192.168.1.2 in vpn 2 and 172.16.2.2 in vpn 1.
[Router] nat static outbound 192.168.1.2 vpn-instance vpn2 172.16.2.2 vpn-instance vpn1
# Enable static NAT on interface GigabitEthernet 2/0/2.
[Router] interface gigabitethernet 2/0/2
[Router-GigabitEthernet2/0/2] nat static enable
IP/port: 192.168.1.2/69
Figure 71, two departments are in different VPN instances with overlapping addresses.
TTL: 46s
1 packets 56 bytes
1 packets 72 bytes
162