CISCO Router Network Address Translation (NAT)
Tutorial name: Cisco Router Network Address Translation (NAT)

1. Objective and introduction

Objective: connect all intranet IP addresses to the Internet using a small number of public IP addresses.

Introduction: with NAT, when a host with a private address sends a packet through the router, the router rewrites the private source address to a valid public IP address, so a large number of intranet computers can communicate with the Internet through a few public addresses. NAT relieves IPv4 address exhaustion and hides the internal addressing scheme from the Internet. It is not a firewall by itself: how much of the intranet becomes reachable from outside depends on the kind of mapping configured, which the three sections below compare.

Lab topology (as implied by the configurations below): PC1 (192.168.75.2) and PC2 (192.168.75.3) sit behind R1 F0/0 (192.168.75.30/24, NAT inside). R1 F1/0 (202.96.0.1/29, NAT outside) connects to R2 F1/0 (202.96.0.2/29). PC3 (192.168.0.2) sits behind R2 F0/0 (192.168.0.1/24) and plays the part of an Internet host. R2 has no route to 192.168.75.0/24, so PC3 can only answer packets whose source has been translated to an address on the 202.96.0.0/29 link.

2. Configure the routers

Step 1: configure R1

  Router# conf t
  Router(config)# hostname R1
  R1(config)# int f0/0
  R1(config-if)# ip add 192.168.75.30 255.255.255.0
  R1(config-if)# ip nat inside
  R1(config-if)# no shutdown
  R1(config-if)# exit
  R1(config)# int f1/0
  R1(config-if)# ip add 202.96.0.1 255.255.255.248
  R1(config-if)# ip nat outside
  R1(config-if)# no shutdown
  R1(config-if)# exit
  R1(config)# ip route 0.0.0.0 0.0.0.0 fastEthernet 1/0

Step 2: configure R2

  Router# conf t
  Router(config)# hostname R2
  R2(config)# int f0/0
  R2(config-if)# ip add 192.168.0.1 255.255.255.0
  R2(config-if)# no shutdown
  R2(config-if)# exit
  R2(config)# int f1/0
  R2(config-if)# ip add 202.96.0.2 255.255.255.248
  R2(config-if)# no shutdown
  R2(config-if)# exit

3. Configure static NAT

Step 1: on R1, map PC1 (192.168.75.2) to 202.96.0.1 and PC2 (192.168.75.3) to 202.96.0.3.

  R1(config)# ip nat inside source static 192.168.75.2 202.96.0.1
  R1(config)# ip nat inside source static 192.168.75.3 202.96.0.3

Note that 202.96.0.1 is also R1's own F1/0 address. The mapping works in the lab, but a one-to-one static entry claims every port of its global address, so inbound traffic sent to the router's public address is now handed to PC1 rather than to the router. In a real deployment use a free address from the public block for the static mapping.
Step 2: ping PC3 from PC1

  PC> ping 192.168.0.2
  Pinging 192.168.0.2 with 32 bytes of data:
  Reply from 192.168.0.2: bytes=32 time=0ms TTL=126
  Reply from 192.168.0.2: bytes=32 time=0ms TTL=126
  Reply from 192.168.0.2: bytes=32 time=9ms TTL=126
  Reply from 192.168.0.2: bytes=32 time=0ms TTL=126
  Ping statistics for 192.168.0.2:
      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 0ms, Maximum = 9ms, Average = 2ms

Step 3: ping PC3 from PC2

  PC> ping 192.168.0.2
  Pinging 192.168.0.2 with 32 bytes of data:
  Reply from 192.168.0.2: bytes=32 time=1ms TTL=126
  Reply from 192.168.0.2: bytes=32 time=0ms TTL=126
  Reply from 192.168.0.2: bytes=32 time=0ms TTL=126
  Reply from 192.168.0.2: bytes=32 time=0ms TTL=126
  Ping statistics for 192.168.0.2:
      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 0ms, Maximum = 1ms, Average = 0ms

Step 4: view the translation table on the router

Before any traffic has flowed, only the two static entries exist:

  R1# sh ip nat translations
  Pro  Inside global      Inside local       Outside local      Outside global
  ---  202.96.0.1         192.168.75.2       ---                ---
  ---  202.96.0.3         192.168.75.3       ---                ---

After the pings, one extended entry per ICMP exchange has been added. The number after the colon is the ICMP identifier, which stands in for a port number; Outside local equals Outside global because the destination address is not translated:

  R1# sh ip nat translations
  Pro  Inside global      Inside local       Outside local      Outside global
  icmp 202.96.0.1:73      192.168.75.2:73    192.168.0.2:73     192.168.0.2:73
  icmp 202.96.0.1:74      192.168.75.2:74    192.168.0.2:74     192.168.0.2:74
  icmp 202.96.0.1:75      192.168.75.2:75    192.168.0.2:75     192.168.0.2:75
  icmp 202.96.0.1:76      192.168.75.2:76    192.168.0.2:76     192.168.0.2:76
  icmp 202.96.0.3:45      192.168.75.3:45    192.168.0.2:45     192.168.0.2:45
  icmp 202.96.0.3:46      192.168.75.3:46    192.168.0.2:46     192.168.0.2:46
  icmp 202.96.0.3:47      192.168.75.3:47    192.168.0.2:47     192.168.0.2:47
  icmp 202.96.0.3:48      192.168.75.3:48    192.168.0.2:48     192.168.0.2:48
  ---  202.96.0.1         192.168.75.2       ---                ---
  ---  202.96.0.3         192.168.75.3       ---                ---

Summary: each intranet computer is mapped one-to-one to a public IP address, and the whole host, not just one service, is reachable through that address.
This method can be used to reach a specific intranet device from the Internet, but its security is poor (every port of the mapped host is exposed) and it has little value in everyday use, because it consumes one public address per host.

4. Configure dynamic NAT

Step 1: remove the two static mappings from the router

  R1(config)# no ip nat inside source static 192.168.75.2 202.96.0.1
  R1(config)# no ip nat inside source static 192.168.75.3 202.96.0.3

Step 2: configure an ACL on the router that matches all intranet IP addresses (the wildcard mask 0.0.0.255 covers 192.168.75.0/24)

  R1(config)# access-list 1 permit 192.168.75.0 0.0.0.255

Step 3: configure a pool of valid public IP addresses

  R1(config)# ip nat pool abc 202.96.0.1 202.96.0.6 netmask 255.255.255.248

As written, the pool overlaps addresses already in use on the 202.96.0.0/29 link (R1's own 202.96.0.1 and R2's 202.96.0.2). The lab still works because the router happened to hand out 202.96.0.4 and 202.96.0.5, but a production pool must contain only addresses that are not assigned to any interface.

Step 4: associate the ACL with the address pool

  R1(config)# ip nat inside source list 1 pool abc

Step 5: ping PC3 from PC1

  PC> ping 192.168.0.2
  Pinging 192.168.0.2 with 32 bytes of data:
  Request timed out.
  Reply from 192.168.0.2: bytes=32 time=0ms TTL=126
  Reply from 192.168.0.2: bytes=32 time=0ms TTL=126
  Reply from 192.168.0.2: bytes=32 time=2ms TTL=126
  Ping statistics for 192.168.0.2:
      Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 0ms, Maximum = 2ms, Average = 0ms

Step 6: ping PC3 from PC2

  PC> ping 192.168.0.2
  Pinging 192.168.0.2 with 32 bytes of data:
  Request timed out.
  Reply from 192.168.0.2: bytes=32 time=0ms TTL=126
  Reply from 192.168.0.2: bytes=32 time=0ms TTL=126
  Reply from 192.168.0.2: bytes=32 time=0ms TTL=126
  Ping statistics for 192.168.0.2:
      Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 0ms, Maximum = 0ms, Average = 0ms

The first echo request from each host is typically lost while the router allocates a pool address and the neighbouring router resolves that new global address; the remaining requests succeed.
Step 7: view the translation table

  R1# sh ip nat translations
  Pro  Inside global      Inside local       Outside local      Outside global
  icmp 202.96.0.5:81      192.168.75.2:81    192.168.0.2:81     192.168.0.2:81
  icmp 202.96.0.5:82      192.168.75.2:82    192.168.0.2:82     192.168.0.2:82
  icmp 202.96.0.5:83      192.168.75.2:83    192.168.0.2:83     192.168.0.2:83
  icmp 202.96.0.5:84      192.168.75.2:84    192.168.0.2:84     192.168.0.2:84
  icmp 202.96.0.4:5       192.168.75.3:5     192.168.0.2:5      192.168.0.2:5
  icmp 202.96.0.4:6       192.168.75.3:6     192.168.0.2:6      192.168.0.2:6
  icmp 202.96.0.4:7       192.168.75.3:7     192.168.0.2:7      192.168.0.2:7
  icmp 202.96.0.4:8       192.168.75.3:8     192.168.0.2:8      192.168.0.2:8

Summary: the pairing between an intranet host and a pool address is dynamic, decided on first use rather than fixed in the configuration (here PC1 received 202.96.0.5 and PC2 received 202.96.0.4). The number of hosts that can be translated at the same time equals the number of public addresses in the pool; once the pool is exhausted, further hosts are dropped until an idle entry times out. This still cannot meet everyday requirements.

5. Port multiplexing (PAT)

Step 1: add the keyword overload

  R1(config)# ip nat inside source list 1 pool abc overload

Step 2: after pinging PC3 from PC1 and PC2 again, view the table

  R1# sh ip nat translations
  Pro  Inside global      Inside local       Outside local      Outside global
  icmp 202.96.0.5:85      192.168.75.2:85    192.168.0.2:85     192.168.0.2:85
  icmp 202.96.0.5:86      192.168.75.2:86    192.168.0.2:86     192.168.0.2:86
  icmp 202.96.0.5:87      192.168.75.2:87    192.168.0.2:87     192.168.0.2:87
  icmp 202.96.0.5:88      192.168.75.2:88    192.168.0.2:88     192.168.0.2:88
  icmp 202.96.0.5:10      192.168.75.3:10    192.168.0.2:10     192.168.0.2:10
  icmp 202.96.0.5:11      192.168.75.3:11    192.168.0.2:11     192.168.0.2:11
  icmp 202.96.0.5:12      192.168.75.3:12    192.168.0.2:12     192.168.0.2:12
  icmp 202.96.0.5:9       192.168.75.3:9     192.168.0.2:9      192.168.0.2:9

Summary: every intranet host that accesses the Internet is now mapped to the same public address, 202.96.0.5, and the flows are told apart by the translated port (for ICMP, the identifier). Intranet computers share one public IP address; this is the most practical NAT technique. Because a translation exists only after an inside host has sent a packet, unsolicited inbound connections to 202.96.0.5 find no entry and are dropped.

Extended knowledge

1. Enterprises often need to map a port of a specific intranet computer to the public network. How is this configured on a Cisco router?
With static PAT (a static entry that names a protocol and port), only the listed port of the host is published; its other ports stay unreachable from the Internet. The syntax is ip nat inside source static tcp <inside local> <local port> <inside global> <global port> extendable, where extendable lets several such entries share one global address:

  ip nat inside source static tcp 192.168.75.2 80 202.96.0.2 80 extendable      ! port 80: publish the web site
  ip nat inside source static tcp 192.168.75.2 3080 202.96.0.2 3389 extendable  ! port 3389: Remote Desktop (the inside host listens on 3080 here)
  ip nat inside source static tcp 192.168.75.2 3090 202.96.0.2 3090 extendable  ! special port used for a software release
  ip nat inside source static tcp 192.168.75.2 22 202.96.0.2 22 extendable      ! port 22: SSH remote connection

Publishing Remote Desktop or SSH this way exposes the service to every Internet host; restrict the permitted sources with an ACL on the outside interface, or reach such services over a VPN instead.

2. If we have only one public IP address and have already assigned it to F1/0 of R1, how do we reuse (overload) it?

  R1(config)# ip nat inside source list 1 interface f1/0 overload

No address pool is configured on R1 in this case: with a single public address, the translation overloads the address of the F1/0 interface itself. The list number must name the access-list that selects the inside hosts (access-list 1 in this lab). Equivalently, a pool consisting of one address can be overloaded:

  R1(config)# ip nat pool abc 202.96.0.1 202.96.0.1 netmask 255.255.255.248
  R1(config)# ip nat inside source list 1 pool abc overload

3. How is the number of NAT translation entries a router can hold calculated?

Each NAT translation entry occupies about 160 bytes of memory, so the number of entries is limited by the router's memory: 10,000 concurrent entries need roughly 1.6 MB. Because every new flow from the inside creates an entry, a single misbehaving or compromised inside host can fill the table; ip nat translation max-entries caps the table size, and the ip nat translation timeout values control how quickly idle entries are reclaimed.
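The three mapping types configured in sections 3 to 5, together with the port publishing and single-address overload of the extended section, as one added example (not the tutorial's own code and not Cisco IOS code): a small Python model of how R1 builds its translation table and what it does with an inbound packet. The lab addresses are the tutorial's; PC4 (192.168.75.4) and the packet flows are assumptions made here so that a third inside host can show the difference between an exhausted dynamic pool and PAT.

```python
# Added example: a toy model of 'ip nat inside source' on R1, not Cisco IOS code.
# Lab addresses are the tutorial's; PC4 (192.168.75.4) and the packet flows
# are constructed here to show what the three modes do with a third host.
from ipaddress import IPv4Address, IPv4Network

PC1, PC2, PC4, PC3 = "192.168.75.2", "192.168.75.3", "192.168.75.4", "192.168.0.2"


class NatRouter:
    ENTRY_BYTES = 160  # per-translation memory cost quoted in the tutorial

    def __init__(self, inside_net, pool_start, pool_end, overload=False):
        self.inside_net = IPv4Network(inside_net)      # stands in for 'access-list 1 permit ...'
        lo, hi = int(IPv4Address(pool_start)), int(IPv4Address(pool_end))
        self.pool = [str(IPv4Address(a)) for a in range(lo, hi + 1)]  # 'ip nat pool abc ...'
        self.overload = overload                       # the 'overload' keyword (PAT)
        self.static = {}        # inside local -> inside global ('ip nat inside source static A B')
        self.static_ports = {}  # (proto, global ip, global port) -> (local ip, local port)
        self.dynamic = {}       # inside local -> pool address currently leased to it
        self.table = []         # rows of (proto, inside global, inside local, outside global)

    def add_static(self, local, glob):
        self.static[local] = glob
        self.table.append(("---", glob, local, "---"))

    def add_static_port(self, proto, local, lport, glob, gport):
        """'ip nat inside source static tcp LOCAL LPORT GLOBAL GPORT extendable'."""
        self.static_ports[(proto, glob, gport)] = (local, lport)
        self.table.append((proto, f"{glob}:{gport}", f"{local}:{lport}", "---"))

    def translate(self, proto, src, sport, dst, dport):
        """Outbound packet from the inside. Returns (global ip, global port), or None if no entry is made."""
        if IPv4Address(src) not in self.inside_net:
            return None                                  # ACL miss: forwarded untranslated
        if src in self.static:
            glob, gport = self.static[src], sport        # one-to-one: ports pass through unchanged
        elif self.overload:
            glob, gport = self.pool[0], sport            # PAT: every host shares the first pool address
            in_use = {(p, ig) for p, ig, _, _ in self.table}
            while (proto, f"{glob}:{gport}") in in_use:  # keep the source port if free, else pick another
                gport += 1
        else:
            if src not in self.dynamic:                  # dynamic NAT: lease a whole address on first use
                taken = set(self.dynamic.values()) | set(self.static.values())
                free = [a for a in self.pool if a not in taken]
                if not free:
                    return None                          # pool exhausted: the packet is dropped
                self.dynamic[src] = free[0]
            glob, gport = self.dynamic[src], sport
        self.table.append((proto, f"{glob}:{gport}", f"{src}:{sport}", f"{dst}:{dport}"))
        return glob, gport

    def inbound(self, proto, glob, gport):
        """Packet arriving on the outside interface. Returns the inside (ip, port) it reaches, or None."""
        if (proto, glob, gport) in self.static_ports:
            return self.static_ports[(proto, glob, gport)]   # static PAT: only the published port
        for local, g in self.static.items():
            if g == glob:
                return local, gport                          # one-to-one static: every port exposed
        for p, ig, il, _ in self.table:
            if p == proto and ig == f"{glob}:{gport}":       # reply to an outbound flow
                ip, port = il.split(":")                     # (IOS also checks the outside address)
                return ip, int(port)
        return None                                          # unsolicited inbound: dropped

    def show(self):
        rows = ["Pro  Inside global        Inside local         Outside global"]
        rows += [f"{p:<5}{ig:<21}{il:<21}{og}" for p, ig, il, og in self.table]
        return "\n".join(rows)

    def memory_bytes(self):
        return len(self.table) * self.ENTRY_BYTES


def static_lab():
    """Section 3: PC1 and PC2 each get their own public address."""
    r = NatRouter("192.168.75.0/24", "202.96.0.1", "202.96.0.6")
    r.add_static(PC1, "202.96.0.1")
    r.add_static(PC2, "202.96.0.3")
    r.translate("icmp", PC1, 73, PC3, 73)
    return r


def dynamic_lab(overload=False):
    """Sections 4 and 5: a pool of two addresses and three inside hosts.
    Without overload the third host is dropped; with it all three share 202.96.0.4."""
    r = NatRouter("192.168.75.0/24", "202.96.0.4", "202.96.0.5", overload=overload)
    results = [r.translate("icmp", pc, 5, PC3, 5) for pc in (PC1, PC2, PC4)]
    return r, results


def port_forward_lab():
    """Extended knowledge 1 and 2: one public address, overloaded, with only TCP/80 of PC1 published."""
    r = NatRouter("192.168.75.0/24", "202.96.0.1", "202.96.0.1", overload=True)
    r.add_static_port("tcp", PC1, 80, "202.96.0.1", 80)
    return r


if __name__ == "__main__":
    for name, r in (("static", static_lab()), ("dynamic", dynamic_lab()[0]), ("pat", dynamic_lab(True)[0])):
        print(f"--- {name}: {r.memory_bytes()} bytes of translation memory\n{r.show()}\n")
```

Running the script prints the three tables in the show ip nat translations layout. The inbound method is the part worth studying: a one-to-one static entry answers for every port of its global address, a static port entry answers only for the published port, and a PAT address answers only for ports that an inside host has already opened outbound.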
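A second added example (again not the tutorial's or Cisco's code) takes the operator's view of the same material: reading a show ip nat translations listing like the ones in sections 3 to 5 and reporting what it reveals about exposure, which global address several inside hosts share (overload in effect), which ports are published by static PAT entries, which hosts are exposed whole by one-to-one static entries, and how much memory the table costs at the 160 bytes per entry quoted in extended question 3. The sample listing is constructed from the tutorial's PAT output with one static port mapping and one one-to-one entry for an assumed host 192.168.75.4 added so that every branch is exercised.

```python
# Added example: a parser for 'show ip nat translations' output, not a Cisco tool.
import re
from collections import defaultdict

ENTRY_BYTES = 160  # per-entry memory cost quoted in the tutorial

# Constructed from the tutorial's PAT listing, with a static port mapping and a
# one-to-one static entry (for an assumed host 192.168.75.4) added for coverage.
SAMPLE = """\
Pro  Inside global      Inside local       Outside local      Outside global
icmp 202.96.0.5:85      192.168.75.2:85    192.168.0.2:85     192.168.0.2:85
icmp 202.96.0.5:86      192.168.75.2:86    192.168.0.2:86     192.168.0.2:86
icmp 202.96.0.5:10      192.168.75.3:10    192.168.0.2:10     192.168.0.2:10
tcp  202.96.0.2:80      192.168.75.2:80    ---                ---
---  202.96.0.3         192.168.75.4       ---                ---
"""

ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")  # exactly five columns


def split_addr(token):
    """'202.96.0.5:85' -> ('202.96.0.5', 85); '202.96.0.3' -> ('202.96.0.3', None)."""
    ip, _, port = token.partition(":")
    return ip, (int(port) if port else None)


def parse(text):
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m or m.group(1) == "Pro":   # skip the header and anything that is not a table row
            continue
        proto, ig, il, ol, og = m.groups()
        rows.append({"proto": proto, "ig": split_addr(ig), "il": split_addr(il), "ol": ol, "og": og})
    return rows


def summarize(rows):
    hosts_per_global = defaultdict(set)
    for r in rows:
        hosts_per_global[r["ig"][0]].add(r["il"][0])
    return {
        "entries": len(rows),
        "memory_bytes": len(rows) * ENTRY_BYTES,
        # a global address used by more than one inside host means overload (PAT) is in effect
        "shared": {g: sorted(h) for g, h in hosts_per_global.items() if len(h) > 1},
        # static entries have no outside side ('---'); with a port they publish a single service
        "published": [(r["proto"], r["ig"][0], r["ig"][1], r["il"][0], r["il"][1])
                      for r in rows if r["ol"] == "---" and r["ig"][1] is not None],
        # without a port they expose the whole host on every port
        "exposed_hosts": [(r["ig"][0], r["il"][0]) for r in rows if r["proto"] == "---"],
    }


if __name__ == "__main__":
    for key, value in summarize(parse(SAMPLE)).items():
        print(f"{key}: {value}")
```

Feed it the output of show ip nat translations captured from a real router to get a quick inventory of what the NAT configuration exposes; the "published" and "exposed_hosts" lists are the entries to review against an access-list on the outside interface.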