Case analysis and configuration of NAT (SNAT) translation for an enterprise

Source: Internet
Author: User

I. Requirements

The network has provincial, municipal, and county routers. The county-level router has routes to the municipal and provincial levels, but the municipal and provincial routers have no route information for the county level. Packets sent from the county level therefore reach the municipal or provincial routers, but the replies are lost because no return path can be found. County-level router R1 is required to access the municipal and provincial routers through NAT translation, while the municipal and provincial routers must not be able to access the county-level router.

Configuration ideas:

Because the municipal and provincial route information does not include the county level, replies to packets sent from the county level cannot find a path back to the 192.168.1.0 network. Configure dynamic NAT translation on R1 so that the source address of each outgoing packet is changed from its original address in the 192.168.1.0 network to 192.168.4.1, the address of interface s0/0. The reply is then addressed to 192.168.4.1, and the municipal router does have a path to 192.168.4.1. In this way, the replies to the sent packets can get back.
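The return-path reasoning above, as a small Python model added here (it is not part of the original article). Addresses, routes, ACL 101 and pool1 are taken from the configuration on this page; the class and function names, the port numbers, and the restriction to the municipal side are assumptions made for the example.

```python
import ipaddress as ip

# Routing tables as shown in the page's "show ip route" output.
R1_ROUTES = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24",
             "192.168.4.0/24", "192.168.5.0/24"]
R2_ROUTES = ["192.168.2.0/24", "192.168.4.0/24"]  # nothing for 192.168.1.0/24

INSIDE = ip.ip_network("192.168.1.0/24")     # ACL 101 source
MUNICIPAL = ip.ip_network("192.168.2.0/24")  # ACL 101 destination
POOL1 = "192.168.4.1"                        # pool1 = R1's s0/0 address


def has_route(routes, dst):
    """True if any prefix in the table covers dst."""
    return any(ip.ip_address(dst) in ip.ip_network(r) for r in routes)


class R1Nat:
    """Simplified PAT ("overload"): inside flows share POOL1, keyed by port."""

    def __init__(self):
        self.table = {}        # outside port -> (inside ip, inside port)
        self.next_port = 1024  # constructed starting port

    def outbound(self, src, sport, dst):
        if ip.ip_address(src) in INSIDE and ip.ip_address(dst) in MUNICIPAL:
            port, self.next_port = self.next_port, self.next_port + 1
            self.table[port] = (src, sport)
            return POOL1, port
        return src, sport      # not matched by ACL 101: left untranslated

    def inbound(self, dst, dport):
        return self.table.get(dport, (dst, dport)) if dst == POOL1 else (dst, dport)


def county_to_municipal(nat_enabled, r2_routes=R2_ROUTES):
    """Round trip 192.168.1.100 -> 192.168.2.100; True if the reply gets home."""
    nat, src, sport = R1Nat(), "192.168.1.100", 5000
    if nat_enabled:
        src, sport = nat.outbound(src, sport, "192.168.2.100")
    if not has_route(r2_routes, src):  # R2 routes the reply on its destination
        return False
    return nat.inbound(src, sport) == ("192.168.1.100", 5000)


def municipal_to_county_delivered(r2_routes=R2_ROUTES):
    """Unsolicited 192.168.2.100 -> 192.168.1.100: is it forwarded to the host?"""
    dst = "192.168.1.100"
    return has_route(r2_routes, dst) and has_route(R1_ROUTES, dst)
```

`municipal_to_county_delivered` turns True as soon as R2 holds a route to 192.168.1.0/24, because nothing in R1's NAT configuration filters inbound traffic. The one-way behaviour rests on the missing route, so an inbound ACL on R1's outside interfaces is what would enforce it as policy.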

Lab environment: Cisco 3620

II. Topology

[Figure: topology diagram]

III. Configuration steps

R1

Router> en
Router# config t
Router(config)# line con 0
Router(config-line)# logg sync // log synchronization
Router(config-line)# no exec-timeout // cancel timeout
Router(config-line)# exit
Router(config)# hostname R1
R1(config)# int ser 0/0 // interface connecting to the municipal router
R1(config-if)# ip add 192.168.4.1 255.255.255.0
R1(config-if)# no shut
R1(config-if)# int ser 0/1 // interface connecting to the provincial router
R1(config-if)# ip add 192.168.5.1 255.255.255.0
R1(config-if)# no shut
R1(config-if)# int ser 0/2 // internal Ethernet interface
R1(config-if)# ip add 192.168.1.1 255.255.255.0
R1(config-if)# no shut
R1(config-if)# exit
R1(config)# ip access-list extended 101 // extended access control list 101 defines which network segments are used for address translation
R1(config-ext-nacl)# permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 // allow the internal 192.168.1.0 network to access the municipal Ethernet
R1(config-ext-nacl)# ex
R1(config)# access-list 102 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255 // extended access control list 102: traffic from 192.168.1.0 to the provincial Ethernet 192.168.3.0 is used for address translation
R1(config)# ip nat pool pool1 192.168.4.1 192.168.4.1 netmask 255.255.255.0 // define address pool pool1, containing the IP of interface s0/0 to the municipal router
R1(config)# ip nat pool pool2 192.168.5.1 192.168.5.1 netmask 255.255.255.0 // define address pool pool2, containing the IP of interface s0/1 to the provincial router
R1(config)# int ser 0/0 // outside interface
R1(config-if)# ip nat outside
R1(config-if)# int ser 0/1 // outside interface
R1(config-if)# ip nat outside
R1(config-if)# int ser 0/2 // inside interface
R1(config-if)# ip nat inside
R1(config-if)# ex
R1(config)# ip nat inside source list 101 pool pool1 overload // map ACL 101 to pool1
R1(config)# ip nat inside source list 102 pool pool2 overload // map ACL 102 to pool2
R1(config)# ip route 192.168.2.0 255.255.255.0 192.168.4.2 // route to the municipal Ethernet
R1(config)# ip route 192.168.3.0 255.255.255.0 192.168.5.2 // route to the provincial Ethernet
R1(config)# end

R2

Router# config t
Router(config)# line con 0
Router(config-line)# logg sy
Router(config-line)# no exec-timeout
Router(config-line)# exit
Router(config)# host R2
R2(config)# int s0/0 // interface connected to the county-level router
R2(config-if)# ip add 192.168.4.2 255.255.255.0
R2(config-if)# no shut
R2(config-if)# int ser 0/1 // interface connected to internal Ethernet
R2(config-if)# ip add 192.168.2.1 255.255.255.0
R2(config-if)# no shut

R3

Router# config t
Router(config)# line con 0
Router(config-line)# logg sy
Router(config-line)# no exec-timeout
Router(config-line)# exit
Router(config)# host R3
R3(config)# int ser 0/1 // interface connected to the county-level router
R3(config-if)# ip add 192.168.5.2 255.255.255.0
R3(config-if)# no shut
R3(config-if)# int ser 0/0 // interface connected to internal Ethernet
R3(config-if)# ip add 192.168.3.1 255.255.255.0
R3(config-if)# no shut

R4

Router# config t
Router(config)# line con 0
Router(config-line)# logg sy
Router(config-line)# no exec-timeout
Router(config-line)# exit
Router(config)# host R4
R4(config)# int ser 0/2
R4(config-if)# ip add 192.168.1.100 255.255.255.0
R4(config-if)# no shut
R4(config-if)# ex
R4(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1 // configure the gateway address as 192.168.1.1
R4(config)# end

R5

Router> en
Router# config t
Router(config)# line con 0
Router(config-line)# logg sy
Router(config-line)# no exec-timeout
Router(config-line)# exit
Router(config)# host R5
R5(config)# int ser 0/1
R5(config-if)# ip add 192.168.2.100 255.255.255.0
R5(config-if)# no shut
R5(config-if)# ex
R5(config)# ip route 0.0.0.0 0.0.0.0 192.168.2.1 // configure the gateway address as 192.168.2.1
R5(config)# end

R6

Router> en
Router# config t
Router(config)# line con 0
Router(config-line)# logg sy
Router(config-line)# no exec-timeout
Router(config-line)# exit
Router(config)# hostname R6
R6(config)# int ser 0/0
R6(config-if)# ip add 192.168.3.100 255.255.255.0
R6(config-if)# no shut
R6(config-if)# ex
R6(config)# ip route 0.0.0.0 0.0.0.0 192.168.3.1 // configure the gateway address as 192.168.3.1

IV. Test

R1

// R1 configuration information
R1# show running-config
Building configuration...
Current configuration: 1098 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R1
!
!
ip subnet-zero
!
!
!
!
!
!
interface Serial0/0
 ip address 192.168.4.1 255.255.255.0
 ip nat outside
 serial restart-delay 0
!
interface Serial0/1
 ip address 192.168.5.1 255.255.255.0
 ip nat outside
 serial restart-delay 0
!
interface Serial0/2
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 serial restart-delay 0
!
interface Serial0/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip nat pool pool1 192.168.4.1 192.168.4.1 netmask 255.255.255.0
ip nat pool pool2 192.168.5.1 192.168.5.1 netmask 255.255.255.0
ip nat inside source list 101 pool pool1 overload
ip nat inside source list 102 pool pool2 overload
ip classless
ip route 192.168.2.0 255.255.255.0 192.168.4.2
ip route 192.168.3.0 255.255.255.0 192.168.5.2
ip http server
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
end

R1# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C    192.168.4.0/24 is directly connected, Serial0/0
C    192.168.5.0/24 is directly connected, Serial0/1
C    192.168.1.0/24 is directly connected, Serial0/2
S    192.168.2.0/24 [1/0] via 192.168.4.2 // route information to 192.168.2.0
S    192.168.3.0/24 [1/0] via 192.168.5.2 // route information to 192.168.3.0
R1#

R2

R2# show run
Building configuration...
Current configuration: 576 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R2
!
!
ip subnet-zero
!
!
!
!
!
!
interface Serial0/0
 ip address 192.168.4.2 255.255.255.0
 serial restart-delay 0
!
interface Serial0/1
 ip address 192.168.2.1 255.255.255.0
 serial restart-delay 0
!
interface Serial0/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial0/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip classless
ip http server
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
end

R2# show ip rou
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C    192.168.4.0/24 is directly connected, Serial0/0
C    192.168.2.0/24 is directly connected, Serial0/1
R2#

R3

R3# show run
Building configuration...
Current configuration: 576 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R3
!
!
ip subnet-zero
!
!
!
!
!
!
interface Serial0/0
 ip address 192.168.3.1 255.255.255.0
 serial restart-delay 0
!
interface Serial0/1
 ip address 192.168.5.2 255.255.255.0
 serial restart-delay 0
!
interface Serial0/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial0/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip classless
ip http server
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
end

R3# show ip rou
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C    192.168.5.0/24 is directly connected, Serial0/1
C    192.168.3.0/24 is directly connected, Serial0/0
R3#

R4

R4# ping 192.168.2.100 // the county host can ping the municipal host
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/116/140 ms

R4# ping 192.168.3.100 // the county host can ping the provincial host
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/91/108 ms

R5

R5# ping 192.168.1.100 // the municipal host cannot ping the county host
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.100, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)

R5# show ip rou
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.2.1 to network 0.0.0.0
C    192.168.2.0/24 is directly connected, Serial0/1
S*   0.0.0.0/0 [1/0] via 192.168.2.1
R5#

R6

R6# ping 192.168.1.100 // the provincial host cannot ping the county host
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.100, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)

R6# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.3.1 to network 0.0.0.0
C    192.168.3.0/24 is directly connected, Serial0/0
S*   0.0.0.0/0 [1/0] via 192.168.3.1

This article is from the "Jia Liang blog"; please be sure to keep this source: http://jialiang10086.blog.51cto.com/4496483/958182
