NAT Hairpinning

NAT hairpinning allows an internal client to forward packets to another internal client using the destination internal client‘s global NAT address. NAT hairpinning is necessary for two internal endpoints to communicate when only their external mapped addresses are known to each other. NAT hairpinning does not require any CLI configuration. The NAT router will NAT the incoming inside packet (source address and port) according to standard NAT rules. The NAT router examines the packet destination IP address and port. If a NAT binding exists for the destination IP address and port, the NAT router forwards the packet to the mapped internal client.

NAT Hairpinning shows an example of NAT hairpinning. In this example, Client1 initiates communication Client2. Client1 sends a packet to the global address mapped to Client2's internal address. Because the NAT router supports NAT hairpinning, it recognizes Client1 as an internal address and the packet destination address as a global address bound to Client2's internal address. The NAT router remaps the packet destination address to Client2's internal address and forwards the packet.

Click to expand in new window
NAT Hairpinning
Graphics/NATHairpinning1.png