CCNA Study Notes 12-NAT

Source: Internet
Author: User

NAT translates private IP addresses (inside local) into public IP addresses (inside global) so that internal hosts can use the Internet.

◆ NAT terms

Inside and outside refer to physical location: when a local PC accesses the Baidu server, the PC is inside and the Baidu server is outside.

  • inside local: the private IP address; it cannot be used directly on the Internet.
  • inside global: the address that replaces the inside local IP address; on the Internet it is a legal IP.
  • outside global: the IP address of the host in the external network, usually taken from globally routable address space.
  • outside local: the IP address of the external host as seen from the internal network.

Note: on the local gateway router, traffic going from inside to outside is routed first and then translated; traffic coming from outside to the internal network is translated first and then routed. Flows leaving the inside can be translated through configuration. Traffic coming in from the outside, however, must match an existing table entry; configuration cannot make outside traffic trigger a translation.

◆ NAT classification

Classified by mapping method:

  • Static NAT: a mapping between an internal IP address and an external IP address is established manually. It is often used for internal servers on an enterprise intranet that provide services, when an internal device must be reachable from an external network.
  • Dynamic NAT: converts an internal IP address to an IP address taken from an external address pool. It is often used to let a company's internal IP addresses share several public IP addresses to access the Internet.
  • Overloaded NAT: a special form of dynamic NAT. It uses different port numbers to convert multiple internal IP addresses to one external IP address. Also known as NPAT, NAPT or port multiplexing NAT.

◆ Configure static NAT

Specify an internal interface and an external interface:

    ip nat {inside | outside}

Configure a static translation entry:

    ip nat inside source static local-ip {interface | global-ip}

◆ Configure static port address translation

    ip nat inside source static {tcp | udp} local-ip local-port {interface interface | global-ip} global-port

View: show ip nat translations displays the table entries. Incoming traffic is translated using these entries. With dynamic NAT there are no entries to begin with, so external traffic cannot reach the inside.

Lab environment:

1. One-to-one static mapping

R1:

    interface f1/0
     ip address 12.1.1.1 255.255.255.0
     no shutdown
    interface lo0
     ip address 10.1.1.1 255.255.255.255
    ! the source reads "router VPN 10"; EIGRP is assumed here from "no auto-summary"
    router eigrp 10
     no auto-summary
     network 0.0.0.0

R2:

    interface f1/0
     ip address 12.1.1.2 255.255.255.0
     no shutdown
    interface f1/1
     ip address 23.1.1.2 255.255.255.0
     no shutdown
    router eigrp 10
     no auto-summary
     network 0.0.0.0
     redistribute static
    ip route 0.0.0.0 0.0.0.0 23.1.1.3

R3:

    interface f1/0
     ip address 23.1.1.3 255.255.255.0
     no shutdown
    interface lo0
     ip address 3.3.3.3 255.255.255.255

At this point a ping from R1 to 3.3.3.3 fails. Enable debug ip packet on R3 to check whether R1's packets reach R3: they do arrive, but the replies cannot get back to R1.

Configure NAT on R2 (f1/0 faces R1, f1/1 faces R3):

    interface f1/0
     ip nat inside
    interface f1/1
     ip nat outside
    ip nat inside source static 10.1.1.1 23.1.1.2

Then ping from R1:

    ping 3.3.3.3 source 10.1.1.1

Remark: inside traffic is routed first and then translated; outside traffic is translated first and then routed.

Test: enable telnet on R1 and R2. From R3, telnet 23.1.1.2: the remote login lands on R1, not R2. So 23.1.1.2 is translated to 10.1.1.1.

One-to-one mapping is not used in practice because it wastes the company's public IP addresses; port mapping is used instead. Static port NAT configuration that publishes a port of your server, on R2:

    ip nat inside source static tcp 10.1.1.1 23 23.1.1.2 123

2. Many-to-many dynamic mapping

Assume the carrier assigns the enterprise a public address block with mask 255.255.255.240, and the intranet is 192.168.1.0 255.255.255.0.

    ip nat pool nat-208 172.19.233.209 172.19.233.222 netmask 255.255.255.240
    ip nat inside source list 1 pool nat-208
    access-list 1 permit 192.168.1.0 0.0.0.255

From inside to outside, table entries are generated through this NAT configuration. Return traffic, however, cannot come in once its entry is no longer being refreshed.

3. Reuse of the inside global IP address

One inside global IP address represents multiple inside local IP addresses at the same time. The IP address together with the port number uniquely identifies each internal host.

Configuration: add the keyword overload.

    ip nat inside source list 1 pool nat-208 overload

Clear the translation table:

    clear ip nat translation *
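The table behaviour described in these notes (static entries always present, dynamic entries created only by inside-to-outside traffic, overload sharing one address by port), as an added Python model that is not part of the original notes and is not Cisco code. The class NatTable, its method names and the sequential port allocation starting at 1024 are assumptions of the model.

```python
import ipaddress
# Constructed toy model of a NAT translation table; sample addresses are the ones used in the notes.
class NatTable:
    def __init__(self, pool_first, pool_last, overload=False):
        lo, hi = (int(ipaddress.IPv4Address(a)) for a in (pool_first, pool_last))
        self.free = [str(ipaddress.IPv4Address(a)) for a in range(lo, hi + 1)]
        self.overload = overload
        self.ip_back = {}      # inside global IP -> inside local IP (address-only entries)
        self.port_back = {}    # (proto, global IP, global port) -> (local IP, local port)
        self.next_port = 1024  # model assumption: PAT ports are handed out sequentially

    def add_static(self, local_ip, global_ip, proto=None, local_port=None, global_port=None):
        if proto is None:      # like: ip nat inside source static 10.1.1.1 23.1.1.2
            self.ip_back[global_ip] = local_ip
        else:                  # like: ip nat inside source static tcp 10.1.1.1 23 23.1.1.2 123
            self.port_back[(proto, global_ip, global_port)] = (local_ip, local_port)

    def outbound(self, proto, src_ip, src_port):
        """Inside -> outside: reuse an entry or create one; None when the pool is exhausted."""
        for gip, local in self.ip_back.items():
            if local == src_ip:
                return (gip, src_port)
        for (p, gip, gport), local in self.port_back.items():
            if p == proto and local == (src_ip, src_port):
                return (gip, gport)
        if self.overload:      # overload: all inside hosts share the first pool address
            glob = (self.free[0], self.next_port)
            self.next_port += 1
            self.port_back[(proto, *glob)] = (src_ip, src_port)
            return glob
        if not self.free:      # dynamic NAT: one pool address per inside host
            return None
        gip = self.free.pop(0)
        self.ip_back[gip] = src_ip
        return (gip, src_port)

    def inbound(self, proto, dst_ip, dst_port):
        """Outside -> inside: translated only when an entry already exists, else None."""
        hit = self.port_back.get((proto, dst_ip, dst_port))
        if hit is None and dst_ip in self.ip_back:
            hit = (self.ip_back[dst_ip], dst_port)
        return hit

def demo():
    nat = NatTable("172.19.233.209", "172.19.233.222")
    before = nat.inbound("tcp", "172.19.233.209", 80)  # no entry yet
    nat.outbound("tcp", "192.168.1.10", 40000)         # inside traffic creates the entry
    after = nat.inbound("tcp", "172.19.233.209", 80)   # entry exists now
    return before, after
```

In the model, the address-only entries of one-to-one static and dynamic NAT admit inbound traffic to any port of the mapped host, whereas port entries (static port mapping, overload) admit only the mapped port.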
