5.6 Dynamic NAT
Purpose:
1. Master the basic configuration of dynamic NAT.
2. Understand the basic features of dynamic NAT.
Tutorial topology:
[Figure: topology diagram, 5.6.png]
Tutorial steps:
1. Configure the IP address of each router based on the topology in the figure, and deploy static and default routes. The configuration is as follows:
On R1
R1(config)# ip route 0.0.0.0 0.0.0.0 12.1.1.2
On R2
R2(config)# ip route 192.168.1.0 255.255.255.0 12.1.1.1
R2(config)# ip route 192.168.2.0 255.255.255.0 12.1.1.1
R2(config)# ip route 0.0.0.0 0.0.0.0 100.1.23.3
The connectivity test is as follows:
R2# ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/33/44 ms
R1# ping 8.8.8.8 source 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
.....
Success rate is 0 percent (0/5)
As you can see, the edge router can reach the Internet, but the intranet cannot. Because the Internet router has no route to the private intranet networks, NAT is usually required to translate intranet addresses into public addresses so that communication can take place.
2. Deploy dynamic NAT on R2 so that all devices on the Intranet can access the Internet. The configuration is as follows:
① Define Intranet traffic and public address pool
R2(config)# access-list 1 permit 192.168.1.0 0.0.0.255
R2(config)# access-list 2 permit 192.168.2.0 0.0.0.255
R2(config)# ip nat pool DNAT 100.1.23.100 100.1.23.200 netmask 255.255.255.0
② Define internal and external interfaces
R2(config)# int f0/0
R2(config-if)# ip nat inside
R2(config-if)# exit
R2(config)# int f1/0
R2(config-if)# ip nat outside
R2(config-if)# exit
③ Perform dynamic NAT
R2(config)# ip nat inside source list 1 pool DNAT
3. Test dynamic NAT as follows:
Debug the NAT process on R2
R2# debug ip nat
Access the Internet on R1
R1# ping 8.8.8.8 source 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 60/77/124 ms
R1# ping 8.8.8.8 source 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 60/69/76 ms
The output above shows that the intranet can now reach the Internet.
View NAT debugging information on R2
R2#
*Mar  1 00:27:01.063: NAT*: s=192.168.1.1->100.1.23.100, d=8.8.8.8 [6]
*Mar  1 00:27:01.127: NAT*: s=8.8.8.8, d=100.1.23.100->192.168.1.1 [6]
*Mar  1 00:27:01.155: NAT*: s=192.168.1.1->100.1.23.100, d=8.8.8.8 [7]
*Mar  1 00:27:01.187: NAT*: s=8.8.8.8, d=100.1.23.100->192.168.1.1 [7]
*Mar  1 00:27:01.219: NAT*: s=192.168.1.1->100.1.23.100, d=8.8.8.8 [8]
*Mar  1 00:27:01.247: NAT*: s=8.8.8.8, d=100.1.23.100->192.168.1.1 [8]
*Mar  1 00:27:01.279: NAT*: s=192.168.1.1->100.1.23.100, d=8.8.8.8 [9]
*Mar  1 00:27:01.307: NAT*: s=8.8.8.8, d=100.1.23.100->192.168.1.1 [9]
*Mar  1 00:27:44.667: NAT*: s=192.168.2.1->100.1.23.101, d=8.8.8.8 [16]
*Mar  1 00:27:44.719: NAT*: s=8.8.8.8, d=100.1.23.101->192.168.2.1 [16]
*Mar  1 00:27:44.751: NAT*: s=192.168.2.1->100.1.23.101, d=8.8.8.8 [17]
*Mar  1 00:27:44.783: NAT*: s=8.8.8.8, d=100.1.23.101->192.168.2.1 [17]
*Mar  1 00:27:44.815: NAT*: s=192.168.2.1->100.1.23.101, d=8.8.8.8 [18]
*Mar  1 00:27:44.847: NAT*: s=8.8.8.8, d=100.1.23.101->192.168.2.1 [18]
*Mar  1 00:27:44.879: NAT*: s=192.168.2.1->100.1.23.101, d=8.8.8.8 [19]
*Mar  1 00:27:44.907: NAT*: s=8.8.8.8, d=100.1.23.101->192.168.2.1 [19]
From the debugging output, we can see that different intranet addresses are translated to different external addresses.
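The debug lines above can be turned back into a translation table, which is what you need when a public address seen outside has to be traced to the inside host behind it. The following Python sketch is an added example, not part of the original lab; the sample lines are a constructed subset in the same format, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the `debug ip nat` format shown above.
SAMPLE = """\
*Mar  1 00:27:01.063: NAT*: s=192.168.1.1->100.1.23.100, d=8.8.8.8 [6]
*Mar  1 00:27:01.127: NAT*: s=8.8.8.8, d=100.1.23.100->192.168.1.1 [6]
*Mar  1 00:27:44.667: NAT*: s=192.168.2.1->100.1.23.101, d=8.8.8.8 [16]
*Mar  1 00:27:44.719: NAT*: s=8.8.8.8, d=100.1.23.101->192.168.2.1 [16]
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
LINE = re.compile(
    rf"NAT\*?:\s*s=(?P<s>{IP})(?:->(?P<s2>{IP}))?,"
    rf"\s*d=(?P<d>{IP})(?:->(?P<d2>{IP}))?\s*\[(?P<id>\d+)\]"
)

def parse(text):
    """Yield (direction, inside_local, inside_global, remote, bracket_id) per line."""
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a NAT debug line
        if m["s2"]:    # source rewritten: packet leaving the inside network
            yield ("out", m["s"], m["s2"], m["d"], int(m["id"]))
        elif m["d2"]:  # destination rewritten: return traffic coming back in
            yield ("in", m["d2"], m["d"], m["s"], int(m["id"]))

def build_table(text):
    """Map each inside global address to the set of inside locals seen behind it."""
    table = defaultdict(set)
    for _direction, local, glob, _remote, _id in parse(text):
        table[glob].add(local)
    return table

def shared_globals(table):
    """Inside global addresses used by more than one host (mapping is not one-to-one)."""
    return {g: sorted(hosts) for g, hosts in table.items() if len(hosts) > 1}

def attribute(table, public_ip):
    """Resolve a public address observed outside back to the inside host(s)."""
    return sorted(table.get(public_ip, ()))

if __name__ == "__main__":
    t = build_table(SAMPLE)
    print(attribute(t, "100.1.23.101"), shared_globals(t))
```

An empty result from `shared_globals` confirms the one-to-one behaviour the lab describes.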
View NAT translation table on R2
R2# show ip nat translations
Pro   Inside global     Inside local     Outside local   Outside global
icmp  100.1.23.100:4    192.168.1.1:4    8.8.8.8:4       8.8.8.8:4
---   100.1.23.100      192.168.1.1      ---             ---
icmp  100.1.23.101:5    192.168.2.1:5    8.8.8.8:5       8.8.8.8:5
---   100.1.23.101      192.168.2.1      ---             ---
The translation table shows that intranet addresses are mapped to public addresses one to one.
View NAT translation status on R2
R2# show ip nat statistics
Total active translations: 2 (0 static, 2 dynamic; 0 extended)
Outside interfaces:
  FastEthernet1/0
Inside interfaces:
  FastEthernet0/0, FastEthernet3/0
Hits: 34  Misses: 4
CEF Translated packets: 38, CEF Punted packets: 0
Expired translations: 4
Dynamic mappings:
-- Inside Source
[Id: 2] access-list 1 pool DNAT refcount 2
 pool DNAT: netmask 255.255.255.0
    start 100.1.23.100 end 100.1.23.200
    type generic, total addresses 101, allocated 2 (1%), misses 0
Queued Packets: 0
The output above shows the allocation status of the public address pool. This experiment shows that dynamic NAT translates intranet addresses to Internet addresses and maps them one to one. However, when IPv4 addresses are scarce, this solution does not save addresses, because each private address must correspond to a public address. The port multiplexing technology covered later can map multiple private addresses to one public address, which better meets practical engineering requirements. This experiment is complete.
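To put numbers on that limitation, the following added Python example (not part of the original lab) models the lab's ACL 1 and pool DNAT as a simple one-to-one allocator. The class and function names are hypothetical, lowest-address-first allocation is an assumption of the model, and returning None stands in for whatever the router does with an untranslatable packet.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Standard ACL test: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)

class DynamicNatPool:
    """Toy model of one-to-one dynamic NAT: each inside host holds a whole pool address."""

    def __init__(self, acl, start, end):
        self.acl = acl  # list of (base, wildcard) permit entries
        first, last = (int(ipaddress.IPv4Address(x)) for x in (start, end))
        self.free = [str(ipaddress.IPv4Address(i)) for i in range(first, last + 1)]
        self.bindings = {}  # inside local -> inside global

    def translate(self, inside_local):
        """Return the inside global address, or None if unmatched or the pool is empty."""
        if inside_local in self.bindings:
            return self.bindings[inside_local]
        if not any(wildcard_match(inside_local, b, w) for b, w in self.acl):
            return None  # source not selected by the ACL
        if not self.free:
            return None  # pool exhausted: no address left for this host
        self.bindings[inside_local] = self.free.pop(0)
        return self.bindings[inside_local]

    def expire(self, inside_local):
        """Return an address to the pool when its translation times out."""
        glob = self.bindings.pop(inside_local, None)
        if glob:
            self.free.append(glob)

def lab_pool():
    """ACL 1 and pool DNAT with the values used in this lab."""
    return DynamicNatPool([("192.168.1.0", "0.0.0.255")], "100.1.23.100", "100.1.23.200")

def simulate(host_count):
    """Hosts 192.168.1.1..N each request a translation; return (translated, failed)."""
    nat = lab_pool()
    results = [nat.translate(f"192.168.1.{i}") for i in range(1, host_count + 1)]
    ok = sum(r is not None for r in results)
    return ok, host_count - ok

if __name__ == "__main__":
    print(simulate(254))
```

With a full /24 of inside hosts, only the first 101 get a public address; the rest stay untranslated until an existing entry expires.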
This article is from the "Chen xinjie network" blog; please keep this source: http://chenxinjie.blog.51cto.com/7749507/1274476