data center edge and at the edge of each enterprise site. Note that the Juniper VF 3000 SBC can
provide this NAT function.
Figure 1 - Private-Public-Private Architecture
Another method for WAN connectivity between the enterprise sites and the data center is via a
VPN configuration. Figure 2 illustrates this case. The Juniper VF 3000 SBC here must support
private-private NAT functionality, where the data center equipment is in a private IP address
space and the customer also uses a private IP address space. In this architecture, all the
enterprise customer’s sites, as well as the VPN that interconnects and extends to the edge of the
data center, are part of one private IP address space.
TC; Reviewed:
PV 04/24/2006
Avaya – Proprietary
Use as authorized only pursuant to your signed agreement or
Avaya policy. No other disclosure is permitted or authorized.
4 of 61
Next to the data center, the WAN edge router maps the incoming VPN traffic from the WAN
into an 802.1Q trunk. Each VPN maps to a different VLAN. Note that each VPN belongs to a