NAT network address translation

NAT (network address translation)
Purpose
Converts private addresses to public addresses for Internet access
Conserves public IP addresses
Hides the internal network, which helps protect it
Private addresses are usually used on a company's internal network

NAT Technology

Static NAT: one-to-one conversion, converting one private address to one public address
Dynamic NAT: many-to-many conversion, converting a large number of private addresses to a small number of public addresses
PAT (port address translation): many-to-one conversion, converting a large number of private addresses to one public address

Static NAT is generally used when publishing intranet servers.

Static configuration steps:

1. Which router should be configured?
The exit router
2. Configure NAT conversion:

  R2(config)#ip nat inside source static 192.168.20.2 13.1.1.2

3. Specify the inside and outside interfaces

  inside: gateway interface of the internal network
  R2(config)#int f0/1
  R2(config-if)#ip nat inside
  outside: outbound interface of the exit router
  R2(config)#int f0/0
  R2(config-if)#ip nat outside


4. Test:

    debug ip nat
    undebug ip nat    (turn off NAT debugging)
    undebug all       (turn off all debugging)
    show running-config
    show ip nat ?

5. If it is configured in this way, all services on the server at source address 192.168.20.100 are published to the Internet.
To ensure security, publish only the services that need to be published.
For example, to publish only the web server (the last two mappings additionally publish DNS on port 53):

    R3(config)#ip nat inside source static tcp 192.168.20.100 80 13.1.1.1 80
    R3(config)#interface f0/1
    R3(config-if)#ip nat inside
    R3(config)#int f0/0
    R3(config-if)#ip nat outside
    R3(config)#ip nat inside source static tcp 192.168.20.100 53 13.1.1.1 53
    R3(config)#ip nat inside source static udp 192.168.20.100 53 13.1.1.1 53
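
A review check for the exposure difference described in step 5, as an added example that is not part of the original post: it parses static NAT entries and flags one-to-one mappings that publish a whole host. The sample configuration is constructed from the commands on this page, and the function names `audit_nat` and `findings` are assumptions.

```python
import re

# Constructed sample, assembled from the commands shown on this page.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip nat outside
interface FastEthernet0/1
 ip nat inside
ip nat inside source static 192.168.20.2 13.1.1.2
ip nat inside source static tcp 192.168.20.100 80 13.1.1.1 80
ip nat inside source static tcp 192.168.20.100 53 13.1.1.1 53
ip nat inside source static udp 192.168.20.100 53 13.1.1.1 53
"""

# Either "static <proto> <local> <port> <global> <port>" or "static <local> <global>".
STATIC = re.compile(
    r"ip nat inside source static\s+(?:"
    r"(?P<proto>tcp|udp)\s+(?P<lip>\S+)\s+(?P<lport>\d+)\s+(?P<gip>\S+)\s+(?P<gport>\d+)"
    r"|(?P<host_l>\d\S*)\s+(?P<host_g>\d\S*))")

def audit_nat(config):
    """Collect static NAT entries and the interfaces marked inside/outside."""
    report = {"full_host": [], "port_forwards": [], "inside": [], "outside": []}
    current_if = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current_if = line.split(None, 1)[1]
        elif line in ("ip nat inside", "ip nat outside") and current_if:
            report[line.split()[-1]].append(current_if)
        elif (m := STATIC.match(line)):
            if m["proto"]:  # only one protocol/port pair is published
                report["port_forwards"].append(
                    (m["proto"], m["lip"], int(m["lport"]), m["gip"], int(m["gport"])))
            else:           # one-to-one mapping: the whole host is published
                report["full_host"].append((m["host_l"], m["host_g"]))
    return report

def findings(report):
    """Turn the report into review findings."""
    out = [f"{l} -> {g}: one-to-one static NAT exposes every service on the host"
           for l, g in report["full_host"]]
    if not (report["inside"] and report["outside"]):
        out.append("NAT needs at least one inside and one outside interface")
    return out

if __name__ == "__main__":
    for finding in findings(audit_nat(SAMPLE_CONFIG)):
        print(finding)
```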

Configuration of dynamic NAT

In essence, it is consistent with static NAT, except that a translation address pool is defined first. When a PC makes an outbound connection request, an IP address is taken from the address pool. When the connection is closed, the address is put back into the pool for other PCs to use for outbound connections. Dynamic translation is very efficient, because one public IP can be used by different hosts many times. This is more efficient than statically assigning an address to a specific host. However, it is impossible to reach a specific internal address through a global address.

1. Configure address pool (public address pool):

R1(config)#ip nat pool zlt 12.1.1.1 12.1.1.10 netmask 255.255.255.0

2. Configure the ACL that permits the internal addresses to be translated

R1(config)#access-list 10 permit 192.168.10.0 0.0.0.255

3. Configure NAT conversion (translate addresses matched by list 10 to pool zlt)

R1(config)#ip nat inside source list 10 pool zlt

4. Configure the inside and outside interfaces

R1(config)#int f0/0
R1(config-if)#ip nat inside
R1(config)#int f0/1
R1(config-if)#ip nat outside 

PAT (multiplexing NAT)

In many-to-one translation, a large number of private addresses are translated to one public address: multiple local addresses are mapped to the same global address, and the different local addresses are distinguished by port numbers. A typical use is sharing one Internet connection across a local area network.

R1(config)#ip nat pool zlt 12.1.1.1 12.1.1.1 netmask 255.255.255.0
R1(config)#access-list 10 permit 192.168.10.0 0.0.0.255
R1(config)#ip nat inside source list 10 pool zlt overload
// Or, using the outside interface address instead of a pool:
R1(config)#access-list 10 permit 192.168.10.0 0.0.0.255
R1(config)#ip nat inside source list 10 interface f0/1 overload
R1(config)#int f0/0
R1(config-if)#ip nat inside
R1(config)#int f0/1
R1(config-if)#ip nat outside

Tags: network

Posted on Fri, 31 Jan 2020 14:50:15 -0500 by qaladien