NAT (network address translation)
Purpose
Translates private addresses to public addresses for Internet access
Conserves public IP addresses
Hides the internal network, which helps protect it
Private addresses are usually used on a company's internal network
NAT types
Static NAT: one-to-one translation, mapping one private address to one public address
Dynamic NAT: many-to-many translation, mapping a large number of private addresses to a small number of public addresses
PAT (port address translation): many-to-one translation, mapping a large number of private addresses to one public address
Configuration of static NAT
Static NAT is generally used when publishing intranet servers.
Static configuration steps:
1. Decide which router to configure: the exit router
2. Configure NAT conversion:
R2(config)#ip nat inside source static 192.168.20.2 13.1.1.2
3. Specify the inside and outside interfaces
inside: the gateway interface of the internal network
outside: the outbound interface of the exit router
R2(config)#int f0/0
R2(config-if)#ip nat outside
R2(config)#int f0/1
R2(config-if)#ip nat inside
4. Test:
debug ip nat
undebug ip nat (turns off NAT debugging)
undebug all (turns off all debugging)
show running-config
show ip nat ?
5. Configured this way, all services on the server at source address 192.168.20.100 are published to the Internet.
To ensure security, publish only the services that need to be published.
For example, to publish only the web service on port 80 (the last two commands publish DNS on TCP and UDP port 53 in the same way):
R3(config)#ip nat inside source static tcp 192.168.20.100 80 13.1.1.1 80
R3(config)#interface f0/1
R3(config-if)#ip nat inside
R3(config)#int f0/0
R3(config-if)#ip nat outside
R3(config)#ip nat inside source static tcp 192.168.20.100 53 13.1.1.1 53
R3(config)#ip nat inside source static udp 192.168.20.100 53 13.1.1.1 53
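The check described above, as an added example that is not part of the original post: a Python script that reads static NAT lines from a router configuration and separates one-to-one mappings, which expose every port of the host, from per-service mappings. The sample lines are copied from the commands on this page; the function names and the allow-list of expected services are assumptions made for this example.

```python
import re

# Constructed sample: the static NAT commands shown on this page, prompts included.
SAMPLE_CONFIG = """\
R2(config)#ip nat inside source static 192.168.20.2 13.1.1.2
R3(config)#ip nat inside source static tcp 192.168.20.100 80 13.1.1.1 80
R3(config)#ip nat inside source static tcp 192.168.20.100 53 13.1.1.1 53
R3(config)#ip nat inside source static udp 192.168.20.100 53 13.1.1.1 53
"""

IP = r"\d+\.\d+\.\d+\.\d+"
STATIC_RE = re.compile(
    r"ip nat inside source static\s+"
    rf"(?:(?P<proto>tcp|udp)\s+(?P<local>{IP})\s+(?P<lport>\d+)\s+(?P<glob>{IP})\s+(?P<gport>\d+)"
    rf"|(?P<local_all>{IP})\s+(?P<glob_all>{IP}))\b"
)

def audit_static_nat(config_text):
    """Return (exposed, published).

    exposed:   (local, global) pairs mapped 1:1, so every port is reachable.
    published: (proto, local, local_port, global, global_port) per-service mappings.
    """
    exposed, published = [], []
    for line in config_text.splitlines():
        m = STATIC_RE.search(line)  # search() tolerates a leading router prompt
        if not m:
            continue
        if m.group("proto"):
            published.append((m.group("proto"), m.group("local"), int(m.group("lport")),
                              m.group("glob"), int(m.group("gport"))))
        else:
            exposed.append((m.group("local_all"), m.group("glob_all")))
    return exposed, published

def unexpected_services(published, allowed):
    """Per-service mappings whose (proto, global_port) is not in the allow-list."""
    return [p for p in published if (p[0], p[4]) not in allowed]

if __name__ == "__main__":
    exposed, published = audit_static_nat(SAMPLE_CONFIG)
    for local, glob in exposed:
        print(f"ALL PORTS exposed: {local} <-> {glob}")
    # Hypothetical policy for this example: only HTTP is meant to be public.
    for p in unexpected_services(published, {("tcp", 80)}):
        print(f"not in allow-list: {p[0]}/{p[4]} on {p[3]} -> {p[1]}:{p[2]}")
```
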
Configuration of dynamic NAT
In essence this works the same way as static NAT, except that a pool of translation addresses is defined first. When a PC makes an outbound connection request, an IP address is taken from the pool. When the connection ends, the address is returned to the pool for other PCs to use for outbound connections. Dynamic translation is very efficient, because one public IP can be used by different sites many times. This is more efficient than statically dedicating an address to a specific site. However, a specific internal address cannot be reached from outside through a global address.
1. Configure address pool (public address pool):
R1(config)#ip nat pool zlt 12.1.1.1 12.1.1.10 netmask 255.255.255.0
2. Configure the allowed ACL
R1(config)#access-list 10 permit 192.168.10.0 0.0.0.255
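3. Configure NAT translation (translate list 10 to pool zlt; the overload keyword lets several inside hosts share one pool address, distinguished by port number)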
R1(config)#ip nat inside source list 10 pool zlt overload
4. Configure the inside and outside interfaces
R1(config)#int f0/0
R1(config-if)#ip nat inside
R1(config)#int f0/1
R1(config-if)#ip nat outside
PAT (multiplexing NAT)
In many-to-one translation, a large number of private addresses are translated to one public address: multiple local addresses are mapped to the same global address, and the different local addresses are distinguished by port number. A typical use is sharing Internet access among the hosts on a local area network.
R1(config)#ip nat pool zlt 12.1.1.1 12.1.1.1 netmask 255.255.255.0
R1(config)#access-list 10 permit 192.168.10.0 0.0.0.255
R1(config)#ip nat inside source list 10 pool zlt overload
Or:
R1(config)#access-list 10 permit 192.168.10.0 0.0.0.255
R1(config)#ip nat inside source list 10 interface f0/1 overload
R1(config)#int f0/0
R1(config-if)#ip nat inside
R1(config)#int f0/1
R1(config-if)#ip nat outside