[CISCO] NAT configuration overview

Source: Internet
Author: User

[CISCO] NAT configuration: introduction to the router NAT function

With the rapid development of the Internet, the shortage of IP addresses has become a very prominent problem. A variety of solutions have emerged to solve this problem. The following describes a method that is effective in the current network environment: network address translation (NAT).

1. NAT introduction
NAT (Network Address Translation) allows IP addresses inside a network to be assigned as needed, without applying for them. Inside the network, computers communicate using internal IP addresses. When an internal computer needs to communicate with the external Internet, the device with the NAT function (such as a router) converts the internal IP address to a valid IP address (that is, an IP address that has been applied for) for communication.

2. NAT application environment:

Scenario 1: An enterprise does not want external network users to know its internal network structure. It can use NAT to isolate the internal network from the external Internet. With NAT configured, external users do not learn the internal network structure.
Scenario 2: An enterprise has applied for only a small number of valid Internet IP addresses but has many internal network users. It can use the NAT function to let multiple users communicate with the external Internet at the same time by sharing a valid IP address.

3. Hardware and software requirements for a router configured for NAT:

A router configured for NAT must have at least one internal port (inside) and one external port (outside). Network users connected to an internal port use internal IP addresses.
The internal port can be any router port. The external port connects to an external network, such as the Internet, and can also be any port on the router.
The router in this example is a Cisco 2501 (IOS 11.2 and later versions support NAT).

4. Several Concepts about NAT:

Internal local address: the internal IP address assigned to a computer in the internal network.
Inside global address (internal legal address): a valid IP address that represents one or more internal local addresses when communicating with the external network. It is an IP address that can be obtained only by applying for it.

5. NAT configuration methods:

NAT configuration can be divided into static address translation, dynamic address translation, and multiplexing dynamic address translation.

1. Environment applicable to static address translation

Static address translation performs a one-to-one conversion between an internal local address and an internal legal address, and you specify exactly which legal address each local address is converted to. If the internal network contains e-mail servers or FTP servers that provide services to external users, the IP addresses of these servers must use static address translation so that external users can reach these services.

To configure static address translation, follow these steps:

(1) Establish static address translation between the internal local address and the internal legal address. In global configuration mode, enter:
ip nat inside source static <internal local address> <internal legal address>

(2) Specify the internal port connected to the internal network. In interface configuration mode, enter:
ip nat inside

(3) Specify the external port connected to the external network. In interface configuration mode, enter:
ip nat outside

Note: You can define multiple internal ports and multiple external ports as needed.

Instance 1:
This instance implements static NAT address translation. The Ethernet port of the 2501 is the internal port and synchronous serial port 0 is the external port. The internal local addresses 10.1.1.2, 10.1.1.3, and 10.1.1.4 use static address translation. The corresponding internal legal addresses are 192.1.1.2, 192.1.1.3, and 192.1.1.4 respectively.

Router 2501 configuration:

Current configuration:
!
version 11.3
no service password-encryption
!
hostname 2501
!
! Static one-to-one translations: internal local -> internal legal
ip nat inside source static 10.1.1.2 192.1.1.2
ip nat inside source static 10.1.1.3 192.1.1.3
ip nat inside source static 10.1.1.4 192.1.1.4
!
! Internal port
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
! External port
interface Serial0
 ip address 192.1.1.1 255.255.255.0
 ip nat outside
 no ip mroute-cache
 bandwidth 2000
 no fair-queue
 clockrate 2000000
!
interface Serial1
 no ip address
 shutdown
!
no ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
!
line con 0
line aux 0
line vty 0 4
 password cisco
!
end

After the configuration is complete, you can check it with the following commands:

show ip nat statistics
show ip nat translations

2. Environment applicable to dynamic address translation:
Dynamic address translation is also a one-to-one conversion between an internal local address and an internal legal address. However, dynamic address translation dynamically selects an address from the internal legal address pool to convert the internal local address.

Follow these steps to configure dynamic address translation:
(1) In global configuration mode, define an internal legal address pool.
ip nat pool <address pool name> <start IP address> <end IP address> netmask <subnet mask>
The address pool name can be chosen freely.

(2) In global configuration mode, define a standard access-list rule that specifies which internal addresses are allowed dynamic address translation.
access-list <label> permit <source address> <wildcard>
The label is an integer between 1 and 99.

(3) In global configuration mode, bind the internal local addresses specified by the access-list to the specified internal legal address pool.
ip nat inside source list <access-list label> pool <address pool name>

(4) Specify the internal port connected to the internal network. In interface configuration mode, enter:
ip nat inside

(5) Specify the external port connected to the external network. In interface configuration mode, enter:
ip nat outside

Instance 2:
The hardware configuration in this instance is the same as above, and the dynamic NAT address translation function is used. The Ethernet port of the 2501 is the internal port and synchronous serial port 0 is the external port. The 10.1.1.0 network uses dynamic address translation. The internal legal addresses are 192.1.1.2 to 192.1.1.10.

Current configuration:
!
version 11.3
no service password-encryption
!
hostname 2501
!
! Pool of internal legal addresses and the rule that binds access-list 1 to it
ip nat pool aaa 192.1.1.2 192.1.1.10 netmask 255.255.255.0
ip nat inside source list 1 pool aaa
!
! Internal port
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
! External port
interface Serial0
 ip address 192.1.1.1 255.255.255.0
 ip nat outside
 no ip mroute-cache
 bandwidth 2000
 no fair-queue
 clockrate 2000000
!
interface Serial1
 no ip address
 shutdown
!
no ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
! Internal local addresses that may be translated
access-list 1 permit 10.1.1.0 0.0.0.255
!
line con 0
line aux 0
line vty 0 4
 password cisco
!
end
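
The five configuration steps above only work if the pool, the access-list, the binding rule and the inside/outside ports all agree with each other. The following check is an added example, not part of the original article and not a Cisco tool; the function name check_nat_config and the sample configuration are constructed for illustration, and the sample contains deliberate mistakes.

```python
import re

def check_nat_config(text):
    """Return a list of problems found in an IOS-style dynamic NAT configuration."""
    pools, acls, rules, roles, problems = set(), set(), [], set(), []
    for raw in text.splitlines():
        line = raw.strip().lower()
        if m := re.match(r"ip nat pool (\S+) \S+ \S+ netmask \S+", line):
            pools.add(m.group(1))                      # step 1: address pool
        elif m := re.match(r"access-list (\d+) permit (\S+)(?: (\S+))?", line):
            number, wildcard = int(m.group(1)), m.group(3)
            acls.add(number)                           # step 2: standard access-list
            if not 1 <= number <= 99:
                problems.append(f"access-list {number}: not a standard list (1-99)")
            if wildcard and not re.fullmatch(r"\d+(\.\d+){3}", wildcard):
                problems.append(f"access-list {number}: malformed wildcard {wildcard}")
        elif m := re.match(r"ip nat inside source list (\d+) pool (\S+)", line):
            rules.append((int(m.group(1)), m.group(2)))  # step 3: binding rule
        elif line in ("ip nat inside", "ip nat outside"):
            roles.add(line.split()[-1])                # steps 4 and 5: port roles
    for acl, pool in rules:
        if acl not in acls:
            problems.append(f"NAT rule uses undefined access-list {acl}")
        if pool not in pools:
            problems.append(f"NAT rule uses undefined pool {pool}")
    for role in ("inside", "outside"):
        if role not in roles:
            problems.append(f"no interface marked ip nat {role}")
    return problems

# Constructed sample: the pool name mismatch (aab), the three-octet wildcard
# and the missing "ip nat outside" are deliberate mistakes.
SAMPLE = """\
ip nat pool aaa 192.1.1.2 192.1.1.10 netmask 255.255.255.0
ip nat inside source list 1 pool aab
interface Ethernet0
 ip nat inside
interface Serial0
 ip address 192.1.1.1 255.255.255.0
access-list 1 permit 10.1.1.0 0.0.255
"""

if __name__ == "__main__":
    for problem in check_nat_config(SAMPLE):
        print(problem)
```

The same check applies to the overload form of the rule, because the rule line starts with the same keywords.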

3. Environment applicable to multiplexing dynamic address translation:
Multiplexing dynamic address translation is a kind of dynamic address translation, but it allows multiple internal local addresses to share one internal legal address. This type of translation is extremely useful when you have applied for only a small number of IP addresses but often have more users on the external network at the same time than you have valid addresses.

Note: When multiple users use one IP address at the same time, upper-layer information such as the TCP or UDP port number is used to uniquely identify each computer to the external network through the router.
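
The difference between a one-to-one address pool and a shared address told apart by port can be seen in a small translation-table model. This is an added example, not part of the original article, and it is a simplified model rather than the IOS implementation; the class names and the port-selection rule (keep the source port if free, otherwise take the next free one) are assumptions made for illustration.

```python
import ipaddress

class DynamicNat:
    """One-to-one dynamic NAT: each inside host holds one pool address."""
    def __init__(self, first, last):
        lo, hi = (int(ipaddress.IPv4Address(a)) for a in (first, last))
        self.free = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self.table = {}  # internal local -> internal legal

    def translate(self, local_ip):
        if local_ip not in self.table:
            if not self.free:
                return None  # pool exhausted, no translation is created
            self.table[local_ip] = self.free.pop(0)
        return self.table[local_ip]

class OverloadNat:
    """Overload: many inside hosts share one address, told apart by port."""
    def __init__(self, legal_ip):
        self.legal_ip = legal_ip
        self.out = {}   # (proto, local ip, local port) -> translated port
        self.back = {}  # (proto, translated port) -> (local ip, local port)

    def translate(self, proto, ip, port):
        key = (proto, ip, port)
        if key not in self.out:
            tport = port  # assumption: keep the source port when it is free
            while (proto, tport) in self.back:
                tport = tport + 1 if tport < 65535 else 1024
            self.out[key] = tport
            self.back[(proto, tport)] = (ip, port)
        return self.legal_ip, self.out[key]

    def reverse(self, proto, tport):
        # Inbound traffic with no table entry maps to no inside host.
        return self.back.get((proto, tport))

def demo():
    # Constructed traffic using the addresses from the instances on this page.
    dyn = DynamicNat("192.1.1.2", "192.1.1.10")          # 9 pool addresses
    dynamic = [dyn.translate(f"10.1.1.{h}") for h in range(2, 12)]  # 10 hosts
    pat = OverloadNat("192.1.1.1")
    a = pat.translate("tcp", "10.1.1.2", 40000)
    b = pat.translate("tcp", "10.1.1.3", 40000)  # same source port, other host
    return dynamic, a, b, pat.reverse("tcp", b[1]), pat.reverse("tcp", 50000)

if __name__ == "__main__":
    print(demo())
```

With the nine-address pool the tenth inside host gets no translation, while the single shared address serves both hosts by giving the second one a different translated port.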

Follow these steps to configure multiplexing dynamic address translation:
(1) In global configuration mode, define the internal legal address pool.
ip nat pool <address pool name> <start IP address> <end IP address> netmask <subnet mask>
The address pool name can be chosen freely.

(2) In global configuration mode, define a standard access-list rule that specifies which internal local addresses are allowed dynamic address translation.
access-list <label> permit <source address> <wildcard>
The label is an integer between 1 and 99.

(3) In global configuration mode, establish multiplexing dynamic address translation between the internal local addresses and the internal legal IP address.
ip nat inside source list <access-list label> pool <address pool name> overload

(4) In interface configuration mode, specify the internal port connected to the internal network.
ip nat inside

(5) In interface configuration mode, specify the external port connected to the external network.
ip nat outside

Instance 3:
This instance uses the multiplexing dynamic NAT address translation function. The Ethernet port of the 2501 is the internal port and synchronous serial port 0 is the external port. The 10.1.1.0 network uses dynamic address translation. Assume that the enterprise has applied for only one valid IP address, 192.1.1.1.

Router 2501 configuration:

Current configuration:
!
version 11.3
no service password-encryption
!
hostname 2501
!
! Single-address pool shared by all hosts permitted by access-list 1
ip nat pool bbb 192.1.1.1 192.1.1.1 netmask 255.255.255.0
ip nat inside source list 1 pool bbb overload
!
! Internal port
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
! External port
interface Serial0
 ip address 192.1.1.1 255.255.255.0
 ip nat outside
 no ip mroute-cache
 bandwidth 2000
 no fair-queue
 clockrate 2000000
!
interface Serial1
 no ip address
 shutdown
!
no ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
! Internal local addresses that may be translated
access-list 1 permit 10.1.1.0 0.0.0.255
!
line con 0
line aux 0
line vty 0 4
 password cisco
!
end
