CISCO PT Simulation Experiment (19) NAT feature configuration for routers
Experimental Purpose :
Mastering the principle and function of NAT network address translation
Master the configuration of static NAT to achieve LAN access to the Internet
Mastering the principle of wide area network (WAN) access technology
Experimental Background :
in order to adapt to the company's growing business needs, the company wants to publish the website through the Web server, now requires the intranet server IP address mapped to a global IP address, the external network can access the company's internal server WWW service, you can configure NAT function on the egress router.
Technical Principle :
Network address translation (Nat,network addresses translation) is an Access wide area network (WAN) technology, which transforms the private IP address into a public IP address, which can solve the problem of insufficient LP address and effectively avoid attacks from outside the network. Hides and protects computers inside the network, so it is widely used in various types of Internet access and various types of networks.
NAT devices play a proxy role between the public and private networks. In the private network, each host through the private network IP address communication, when the internal node to communicate with the external network nodes, the private network IP address in the gateway is replaced with the public IP address, so that normal use on the Internet. The features are:
Nat Gateway is set in the private network to the public network routing exit location, bidirectional traffic must go through the NAT gateway;
Network access can only be initiated by the private network side, the public network can not actively access the private network host;
NAT Gateway in two access direction to complete the conversion or translation of two address, out of the direction of the source information to replace, into the direction to do the purpose of information replacement;
The presence of a NAT gateway is transparent to both sides of the communication;
NAT Gateway in order to realize the function of bidirectional translation, we need to maintain an association table to save the information of the session.
To really understand NAT, you must first understand the current IP address, the private IP address refers to the internal network or host IP address, the public IP address refers to the internet on the world's only IP address. NAT is implemented in the following three ways:
-
static address NAT: Each host in the private network is mapped to an external public network in legal IP address.
-
-
port conversion Napt (Port-level NAT): Maps the internal address to a different port on the same IP address as the external network.
Experimental Equipment : ROUTER-PT 2 units, switch_2960 1, PC 2, Server 1, straight line, crossover line, serial line.
Experimental topology :
650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M00/A6/1A/wKioL1nJEYnhDksLAABLwIWU8B8184.png-wh_500x0-wm_ 3-wmp_4-s_2028913294.png "title=" 19.1.PNG "alt=" Wkiol1njeynhdkslaablwiwu8b8184.png-wh_50 "/>
Experimental steps:
New Cisco PT topology diagram
Set the IP and gateway addresses of each PC and server to auto get (DHCP)
Configuration of each router (interface IP, clock frequency, etc.)
Configuring RIP dynamic routing on ROUTER0 and Router1
Configuring static NAT on Router0
Configuring the internal and external network interfaces on Router1
Test interoperability between terminals (PC, Server)
# PC0 Set 222.200.106.2//subnet mask and gateway 255.255.255.0222.200.106.1
# PC1 Set 192.168.1.2//subnet mask and gateway 255.255.255.0192.168.1.1
# SERVER0 Set 192.168.1.3//subnet mask and gateway 255.255.255.0192.168.1.1
/*=part1 router0 Basic Configuration */router>enablerouter#conf trouter (config) #inter f0/0 //Enter No. 0 module NO. 0 port (Fast Ethernet interface) Router (config-if) #ip address 222.200.106.1 255.255.255.0 //Configuration F0/0 Interface Iprouter (config-if) #no shutdown //open port, default off router (config-if) #exitRouter (config) #interface serial 2/0 //Enter 2nd module NO. 0 port (Serial interface) Router (config-if) #ip address 222.200.105.10 255.255.255.0 //Configuration S2/0 Interface Iprouter (config-if) #clock rate 64000 //must be configured with a clock to communicate router (config-if) #no shutdown //open port, default off router (config-if) #exit/*= Part2 rip Dynamic Routing Configuration */routeR (config) #router rip //into routing configuration mode - enable RIP protocol router (config-router) #version 2 //using version 2, That is, the RIPV2 protocol router (config-router) #network 222.200.105.0 //Specifies the network that needs to be advertised (located in the routing interface) Router (Config-router) #network 222.200.106.0router (config-router) #^zrouter#show r
/*=part1 router1 Basic Configuration */router>enablerouter#conf trouter (config) #inter f0/0 //Enter No. 0 module NO. 0 port (Fast Ethernet interface) Router (config-if) #ip address 192.168.1.1 255.255.255.0 //Configuration F0/0 Interface Iprouter (config-if) #no shutdown //open port, default off router (config-if) #exitRouter (config) #inter s2/0 // Enter 2nd module NO. 0 port (Serial interface) Router (config-if) #ip address 222.200.105.11 255.255.255.0 //Configuration S2/0 Interface Iprouter (config-if) #no shutdown //open port, default off Router (config) #exit/*=part2 rip dynamic routing configuration */router (config ) #router  RIP      &NBsp; //Entering routing configuration mode - Enable RIP protocol router (config-router) #version 2 //using version 2, RIPV2 protocol router (config-router) #network 192.168.1.0  //Specifies the network that needs to be advertised (located in the routing interface) Router (config-router) #network 222.200.105.0router (config-router) #exit/*=part3 static NAT configuration */router (config) #inter f0/0router (config-if) #ip nat insiderouter (config-if) #exitRouter (config) #inter s2/0router (config-if) #ip nat outsiderouter (config-if) # Exitrouter (config) #ip nat inside static 192.168.1.2 222.200.105.2router (config) #ip nat inside static 192.168.1.3 222.200.105.3router (config) #^ZRouter#show ip nat translationsrouter#show r
# PC0 Ping 222.200.105.10//link ping 192.168.1.2//link ping 222.200.106.2//link Access http://192.168.1.3//Access successful access http://222.200.105.3//Access successful
Lab environment: Windows 10,cisco PT 7.0
Reference: CCNA Study Guide (7th edition)
CISCO PT Simulation Experiment (19) NAT feature configuration for routers