Packet Tracer 5.2 Experiment (15): Network Port Address Translation (NAPT) Configuration
I. Experiment objectives
Understand the principle and function of NAT (network address translation);
Master NAPT configuration to give the LAN access to the Internet.
II. Experiment background
The company's office network needs to access the Internet. The company has applied to the ISP for only one leased line, and that line is assigned a single public IP address. Configure the network so that every host in the company can access the external network.
III. Technical principles
NAT divides the network into two parts, the internal network and the external network. When a LAN host accesses the external network through NAT, its local address inside the LAN is translated to a global address (a legitimate Internet IP address) before the packet is forwarded.
There are two types of NAT: NAT (network address translation) and NAPT (network port address translation, where IP addresses correspond to one global address).
NAPT: uses different ports to map multiple intranet IP addresses to one specified external IP address (many to one).
NAPT works by port multiplexing. All hosts on the internal network share one legitimate external IP address to access the Internet, which conserves IP address resources as far as possible. At the same time, it hides all the hosts inside the network, which effectively avoids attacks from the Internet. Port multiplexing is therefore the most widely used method in networks.
IV. Experiment steps
Experimental topology
1. R1 is the company's egress router. It connects to the ISP router over a V.35 serial cable, with the DCE end attached to R1 and the clock rate set to 64000;
2. Configure the IP addresses of the PCs, the server and the router interfaces;
3. Configure static routes on each router so that the PCs can ping each other;
4. Configure NAPT on R1;
5. Define the inside and outside network interfaces on R1;
6. Verify connectivity between the hosts.
R1:
Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#host R1
R1(config)#int fa0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#exit
R1(config)#int s2/0
R1(config-if)#ip add 200.1.1.1 255.255.255.0
R1(config-if)#no shut
%LINK-5-CHANGED: Interface Serial2/0, changed state to down
R1(config-if)#clock rate 64000
R1(config-if)#exit
R1(config)#
R1(config)#
R1(config)#
R1(config)#
%LINK-5-CHANGED: Interface Serial2/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up
R1(config)#
R1(config)#ip route 200.1.2.0 255.255.255.0 200.1.1.2    //configure the static route
R1(config)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    200.1.1.0/24 is directly connected, Serial2/0
S    200.1.2.0/24 [1/0] via 200.1.1.2
R1#
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int fa0/0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#int s2/0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#access-list ?
  <1-99>     IP standard access list
  <100-199>  IP extended access list
R1(config)#access-list 1 ?
  deny    Specify packets to reject
  permit  Specify packets to forward
  remark  Access list entry comment
R1(config)#access-list 1 permit ?
  A.B.C.D  Address to match
  any      Any source host
  host     A single host address
R1(config)#access-list 1 permit 192.168.1.0 ?
  A.B.C.D  Wildcard bits
  <cr>
R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255 ?
  <cr>
R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255    //define the access control list
R1(config)#ip nat ?
  inside   Inside address translation
  outside  Outside address translation
  pool     Define pool of addresses
R1(config)#ip nat pool ?
  WORD  Pool name
R1(config)#ip nat pool David ?
  A.B.C.D  Start IP address
R1(config)#ip nat pool David 200.1.1.3 ?
  A.B.C.D  End IP address
R1(config)#ip nat pool David 200.1.1.3 200.1.1.3 ?
  netmask  Specify the network mask
R1(config)#ip nat pool David 200.1.1.3 200.1.1.3 netmask ?
  A.B.C.D  Network mask
R1(config)#ip nat pool David 200.1.1.3 200.1.1.3 netmask 255.255.255.0 ?
  <cr>
R1(config)#ip nat pool David 200.1.1.3 200.1.1.3 netmask 255.255.255.0
R1(config)#ip nat inside ?
  source  Source address translation
R1(config)#ip nat inside source ?
  list    Specify access list describing local addresses
  static  Specify static local->global mapping
R1(config)#ip nat inside source list 1 ?
  interface  Specify interface for global address
  pool       Name pool of global addresses
R1(config)#ip nat inside source list 1 pool ?
  WORD  Name pool of global addresses
R1(config)#ip nat inside source list 1 pool David ?
  overload  Overload an address translation
  <cr>
R1(config)#ip nat inside source list 1 pool David overload ?
  <cr>
R1(config)#ip nat inside source list 1 pool David overload
R1(config)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#show ip nat ?
  statistics    Translation statistics
  translations  Translation entries
R1#show ip nat translations    //no entries yet: no host has accessed the Web server
R1#
R1#show ip nat translations    //a host has accessed the Web server, generating an entry
Pro  Inside global      Inside local       Outside local      Outside global
tcp  200.1.1.3:1026     192.168.1.2:1026   200.1.2.2:80       200.1.2.2:80
R1#show ip nat translations    //hosts 1.2 and 1.3 have both accessed the server
Pro  Inside global      Inside local       Outside local      Outside global
tcp  200.1.1.3:1026     192.168.1.2:1026   200.1.2.2:80       200.1.2.2:80
tcp  200.1.1.3:1025     192.168.1.3:1025   200.1.2.2:80       200.1.2.2:80
R1#show ip nat translations
Pro  Inside global      Inside local       Outside local      Outside global
tcp  200.1.1.3:1026     192.168.1.2:1026   200.1.2.2:80       200.1.2.2:80
tcp  200.1.1.3:1027     192.168.1.2:1027   200.1.2.2:80       200.1.2.2:80
tcp  200.1.1.3:1025     192.168.1.3:1025   200.1.2.2:80       200.1.2.2:80
tcp  200.1.1.3:1024     192.168.1.3:1026   200.1.2.2:80       200.1.2.2:80
R1#
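The translation entries in the R1 output above can be reproduced with a small model of port multiplexing. This is an added example, not part of the original lab and not Cisco's implementation; the `Napt` class, `replay_page_flows`, and the rule of taking the lowest free port from 1024 upward on a collision are assumptions chosen to match the entries shown.

```python
"""Simplified NAPT ("ip nat inside source list 1 pool ... overload") model."""
import ipaddress

INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")  # access-list 1 on the page
GLOBAL_IP = "200.1.1.3"                              # the one-address pool on the page


class Napt:
    def __init__(self):
        self.out = {}   # (proto, local_ip, local_port) -> global_port
        self.back = {}  # (proto, global_port) -> (local_ip, local_port)

    def outbound(self, proto, src_ip, src_port):
        """Translate an inside->outside packet; return (global_ip, global_port)."""
        if ipaddress.ip_address(src_ip) not in INSIDE_NET:
            return None  # source not permitted by the ACL: no translation
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = src_port  # keep the original source port when it is free
            if (proto, port) in self.back:
                # Assumption: on a collision take the lowest free port >= 1024,
                # which matches the 1026 -> 1024 entry in the page's output.
                port = next(p for p in range(1024, 65536)
                            if (proto, p) not in self.back)
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return GLOBAL_IP, self.out[key]

    def inbound(self, proto, dst_ip, dst_port):
        """Translate an outside->inside packet; None means no entry (dropped)."""
        if dst_ip != GLOBAL_IP:
            return None
        return self.back.get((proto, dst_port))


def replay_page_flows():
    """Replay the four TCP flows from the page in the order they appear."""
    nat = Napt()
    flows = [("192.168.1.2", 1026), ("192.168.1.3", 1025),
             ("192.168.1.2", 1027), ("192.168.1.3", 1026)]
    return nat, [nat.outbound("tcp", ip, port) for ip, port in flows]


if __name__ == "__main__":
    nat, inside_globals = replay_page_flows()
    for ip, port in inside_globals:
        print("inside global %s:%d" % (ip, port))
    print("reply to :1024       ->", nat.inbound("tcp", GLOBAL_IP, 1024))
    print("unsolicited to :8080 ->", nat.inbound("tcp", GLOBAL_IP, 8080))
```

The inbound lookup is what hides the inside hosts: a packet arriving from outside with no matching entry has no local address to be forwarded to. That is a side effect of translation state rather than a filtering policy, so it does not replace access control on the outside interface.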
R2:
Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R2
R2(config)#int fa0/0
R2(config-if)#ip add 200.1.2.1 255.255.255.0
R2(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config-if)#exit
R2(config)#int s2/0
R2(config-if)#ip add 200.1.1.2 255.255.255.0
R2(config-if)#no shut
%LINK-5-CHANGED: Interface Serial2/0, changed state to up
R2(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up
R2(config-if)#
R2(config-if)#
R2(config-if)#exit
R2(config)#ip route 192.168.1.0 255.255.255.0 200.1.1.1
R2(config)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

S    192.168.1.0/24 [1/0] via 200.1.1.1
C    200.1.1.0/24 is directly connected, Serial2/0
C    200.1.2.0/24 is directly connected, FastEthernet0/0
R2#
R2#
R2#
R2#
PC1:
Packet Tracer PC Command Line 1.0
PC>ipconfig

IP Address......................: 192.168.1.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1

PC>ping 200.1.2.2

Pinging 200.1.2.2 with 32 bytes of data:

Reply from 200.1.2.2: bytes=32 time=15ms TTL=126
Reply from 200.1.2.2: bytes=32 time=16ms TTL=126
Reply from 200.1.2.2: bytes=32 time=16ms TTL=126
Reply from 200.1.2.2: bytes=32 time=15ms TTL=126

Ping statistics for 200.1.2.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 16ms, Average = 15ms

PC>