NAT configuration on a CISCO Router

NAT configuration on a CISCO router is in full swing and causes the shortage of IP addresses. to alleviate this problem, an important application is NAT (Network Address Translation ), it is widely used. Through address translation, NAT enables enterprises to access the Internet by using only a small number of valid IP addresses on the internet, effectively alleviating address insufficiency, at the same time, it provides certain security. NAT is implemented in a variety of ways. This article describes NAT applications using a single instance on the Cisco 2611 vro platform. NAT on a Cisco router usually has three application modes, which are applicable to different requirements: 1. static address translation: it is suitable for internal enterprise servers to provide services outside the enterprise network (such as WEB and FTP). You need to establish static ing between internal server addresses and fixed legal addresses. Www.2cto.com www.2cto.com 2. dynamic Address Translation: establishes a dynamic conversion mechanism for internal and external addresses, which is often applicable to scenarios with a large number of rented addresses. enterprises can create multiple address Pools Based on their access needs, bind to different departments. This not only enhances the management granularity, but also simplifies the troubleshooting process. 3. Port address multiplexing: Applicable to scenarios where the number of addresses is small and multiple users need to access the Internet at the same time. Figure 1 shows that an enterprise obtains six valid IP addresses (202.103.100.128 ~ 202.103.100.135, mask is 255.255.255.248, 128 and 135 are network addresses and broadcast addresses, unavailable), access the Internet through a 2611 router. The internal network is divided into several subnets based on functions, and the server subnet is expected to provide external WEB services. The finance department uses an independent address pool to access the Internet, and other departments share the remaining address pool. The specific address allocation steps are as follows: 1. select E0 as the internal interface, s0 serves as an external interface www.2cto.com interface e0 ip address 192.168.100.1 255.255.255.0 ip nat inside/* configure e0 as an internal interface */interface s0 ip address 202.103.100.129 255.255.255.248 ip nat outside/* configure s0 as an external interface * /2. configure an address pool for each Department (finance-finance Department; other-other department): ip nat pool finance 202.103.100.131 202.103.100.131 netmask 255.255.255.248 ip nat pool other 202.103.100.132 202.103.100.134 netma Sk certificate 255.248 www.2cto.com 3. use the access control list to check the source address of the data packet and map it to the ip addresses of different address pools nat inside source list 1 pool financeoverload/* overload-enable port multiplexing */ip nat inside source list 2 pool other /* dynamic address translation */4. define access Control list access-list 1 permit 192.168.20.0 0.0.255 access-list 2 permit 192.168.30.0 0.0.255 www.2cto.com 5. create static address translation and open the WEB port (TCP 80) ip nat inside source static tcp 192.168.10.2 80 202.103.100.130 80 www.2cto.com 6. After configuring the default route ip route 0.0.0.0 0.0.0.0 s0, hosts on the internet can access the Internal Enterprise WEB Server 192.168.10.2 through 202.103.100.130: 80. access requests from the Financial Department are mapped to 202.103.100.131; access requests from other departments are mapped to 202.103.100.131 ~ 134. So far, an enterprise NAT Internet access solution has been completed.