CISCO PT Simulation Experiment (19) NAT feature configuration for routers

CISCO PT Simulation Experiment (19) NAT feature configuration for routers

Experimental Purpose :

Mastering the principle and function of NAT network address translation

Master the configuration of static NAT to achieve LAN access to the Internet

Mastering the principle of wide area network (WAN) access technology

Experimental Background :

in order to adapt to the company's growing business needs, the company wants to publish the website through the Web server, now requires the intranet server IP address mapped to a global IP address, the external network can access the company's internal server WWW service, you can configure NAT function on the egress router.

Technical Principle :

• Network address translation (Nat,network addresses translation) is an Access wide area network (WAN) technology, which transforms the private IP address into a public IP address, which can solve the problem of insufficient LP address and effectively avoid attacks from outside the network. Hides and protects computers inside the network, so it is widely used in various types of Internet access and various types of networks.

• NAT devices play a proxy role between the public and private networks. In the private network, each host through the private network IP address communication, when the internal node to communicate with the external network nodes, the private network IP address in the gateway is replaced with the public IP address, so that normal use on the Internet. The features are:

  • Nat Gateway is set in the private network to the public network routing exit location, bidirectional traffic must go through the NAT gateway;

  • Network access can only be initiated by the private network side, the public network can not actively access the private network host;

  • NAT Gateway in two access direction to complete the conversion or translation of two address, out of the direction of the source information to replace, into the direction to do the purpose of information replacement;

  • The presence of a NAT gateway is transparent to both sides of the communication;

  • NAT Gateway in order to realize the function of bidirectional translation, we need to maintain an association table to save the information of the session.

• To really understand NAT, you must first understand the current IP address, the private IP address refers to the internal network or host IP address, the public IP address refers to the internet on the world's only IP address. NAT is implemented in the following three ways:

  • static address NAT: Each host in the private network is mapped to an external public network in legal IP address.

  • port conversion Napt (Port-level NAT): Maps the internal address to a different port on the same IP address as the external network.

Experimental Equipment : ROUTER-PT 2 units, switch_2960 1, PC 2, Server 1, straight line, crossover line, serial line.

Experimental topology :

650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M00/A6/1A/wKioL1nJEYnhDksLAABLwIWU8B8184.png-wh_500x0-wm_ 3-wmp_4-s_2028913294.png "title=" 19.1.PNG "alt=" Wkiol1njeynhdkslaablwiwu8b8184.png-wh_50 "/>

Experimental steps:

New Cisco PT topology diagram

Set the IP and gateway addresses of each PC and server to auto get (DHCP)

Configuration of each router (interface IP, clock frequency, etc.)

Configuring RIP dynamic routing on ROUTER0 and Router1

Configuring static NAT on Router0

Configuring the internal and external network interfaces on Router1

Test interoperability between terminals (PC, Server)

# PC0 Set 222.200.106.2//subnet mask and gateway 255.255.255.0222.200.106.1

# PC1 Set 192.168.1.2//subnet mask and gateway 255.255.255.0192.168.1.1

# SERVER0 Set 192.168.1.3//subnet mask and gateway 255.255.255.0192.168.1.1

/*=part1  router0  Basic Configuration   */router>enablerouter#conf trouter (config) #inter  f0/0                  //Enter No. 0 module NO. 0 port (Fast Ethernet interface) Router (config-if) #ip  address 222.200.106.1 255.255.255.0     //Configuration F0/0 Interface Iprouter (config-if) #no  shutdown              //open port, default off router (config-if) #exitRouter (config) #interface  serial 2/0        //Enter 2nd module NO. 0 port (Serial interface) Router (config-if) #ip  address  222.200.105.10 255.255.255.0    //Configuration S2/0 Interface Iprouter (config-if) #clock  rate  64000        //must be configured with a clock to communicate router (config-if) #no  shutdown              //open port, default off router (config-if) #exit/*= Part2  rip Dynamic Routing Configuration   */routeR (config) #router  rip                      //into routing configuration mode  -  enable RIP protocol router (config-router) #version  2                //using version 2, That is, the RIPV2 protocol router (config-router) #network  222.200.105.0     //Specifies the network that needs to be advertised (located in the routing interface) Router (Config-router) #network  222.200.106.0router (config-router) #^zrouter#show r

/*=part1  router1  Basic Configuration   */router>enablerouter#conf trouter (config) #inter  f0/0                  //Enter No. 0 module NO. 0 port (Fast Ethernet interface) Router (config-if) #ip  address 192.168.1.1 255.255.255.0     //Configuration F0/0 Interface Iprouter (config-if) #no  shutdown              //open port, default off router (config-if) #exitRouter (config) #inter  s2/0                  // Enter 2nd module NO. 0 port (Serial interface) Router (config-if) #ip  address 222.200.105.11 255.255.255.0     //Configuration S2/0 Interface Iprouter (config-if) #no  shutdown              //open port, default off Router (config) #exit/*=part2  rip dynamic routing configuration   */router (config ) #router  RIP      &NBsp;              //Entering routing configuration mode  -  Enable RIP protocol router (config-router) #version  2                //using version 2, RIPV2 protocol router (config-router) #network  192.168.1.0      //Specifies the network that needs to be advertised (located in the routing interface) Router (config-router) #network  222.200.105.0router (config-router) #exit/*=part3    static NAT configuration   */router (config) #inter  f0/0router (config-if) #ip  nat inside          //Set the Intranet interface Router (CONFIG-IF) #exit   router (config) #inter  s2/0              router (config-if ) #ip  nat outside        //to set the extranet interface router (config-if) #exitRouter (config) #ip  nat inside static 192.168.1.2 222.200.105.2    // Configure static NAT mapping Router (CONfig) #ip  nat inside static 192.168.1.3 222.200.105.3router (config) #^ZRouter#show  ip nat translationsrouter#show r

# PC0 Ping 222.200.105.10//link ping 192.168.1.2//link ping 222.200.106.2//link Access http://192.168.1.3//Access successful access http://222.200.105.3//Access successful

Lab environment: Windows 7,cisco PT 7.0

Reference: CCNA Study Guide (7th edition)

CISCO PT Simulation Experiment (19) NAT feature configuration for routers