Packet Tracer 5.2 Experiment (15) network port address translation NAPT configuration

Source: Internet
Author: User


First, the experiment objectives

    • Understand the principle and function of NAT network address translation;

    • Master NAPT configuration so that hosts on the LAN can access the Internet;

Second, the experimental background

The company's office network needs to access the Internet. The company has leased only one dedicated line from the ISP, and that leased line is assigned a single public IP address. Configure the network so that every host in the company can access the external network.

Third, the technical principles

    • NAT divides the network into two parts, the internal network and the external network. When a LAN host accesses the external network through NAT, the local address used inside the LAN is translated to a global address (a legitimate Internet IP address) and the packet is then forwarded.

    • There are two types of NAT: NAT (network address translation) and NAPT (network port address translation, in which the internal IP addresses correspond to one global address).

    • NAPT: uses different ports to map multiple internal IP addresses to one specified external IP address (many to one).

    • NAPT uses port multiplexing. All hosts on the internal network share one legitimate external IP address to access the Internet, which conserves IP address resources as far as possible. At the same time, it hides all the hosts inside the network, which effectively avoids attacks from the Internet. For these reasons, port multiplexing is the most widely used method in practice.

Fourth, the experiment steps

Experimental topology

[Figure: experimental topology (image: http://pic002.cnblogs.com/images/2012/370046/2012072422424012.jpg)]

1. R1 is the company's egress router. It connects to the ISP router over a V.35 serial cable; the DCE end of the cable is attached to R1, so configure a clock rate of 64000 on R1;

2. Configure the IP addresses of the PC, the server and the router interfaces;

3. Configure static routing on each router so that the PCs can ping each other;

4. Configure NAPT on R1;

5. Define the inside and outside network interfaces on R1;

6. Verify connectivity between the hosts.

R1:


    Router>en
    Router#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    Router(config)#host R1
    R1(config)#int fa0/0
    R1(config-if)#ip add 192.168.1.1 255.255.255.0
    R1(config-if)#no shut
    %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
    R1(config-if)#exit
    R1(config)#int s2/0
    R1(config-if)#ip add 200.1.1.1 255.255.255.0
    R1(config-if)#no shut
    %LINK-5-CHANGED: Interface Serial2/0, changed state to down
    R1(config-if)#clock rate 64000
    R1(config-if)#exit
    R1(config)#
    %LINK-5-CHANGED: Interface Serial2/0, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up
    R1(config)#ip route 200.1.2.0 255.255.255.0 200.1.1.2      // configure static route
    R1(config)#end
    R1#
    %SYS-5-CONFIG_I: Configured from console by console
    R1#show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route
    Gateway of last resort is not set
    C    192.168.1.0/24 is directly connected, FastEthernet0/0
    C    200.1.1.0/24 is directly connected, Serial2/0
    S    200.1.2.0/24 [1/0] via 200.1.1.2
    R1#
    R1#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    R1(config)#int fa0/0
    R1(config-if)#ip nat inside
    R1(config-if)#exit
    R1(config)#int s2/0
    R1(config-if)#ip nat outside
    R1(config-if)#exit
    R1(config)#access-list ?
      <1-99>     IP standard access list
      <100-199>  IP extended access list
    R1(config)#access-list 1 ?
      deny    Specify packets to reject
      permit  Specify packets to forward
      remark  Access list entry comment
    R1(config)#access-list 1 permit ?
      A.B.C.D  Address to match
      any      Any source host
      host     A single host address
    R1(config)#access-list 1 permit 192.168.1.0 ?
      A.B.C.D  Wildcard bits
      <cr>
    R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255 ?
      <cr>
    R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255      // define access control list
    R1(config)#ip nat ?
      inside   Inside address translation
      outside  Outside address translation
      pool     Define pool of addresses
    R1(config)#ip nat pool ?
      WORD  Pool name
    R1(config)#ip nat pool David ?
      A.B.C.D  Start IP address
    R1(config)#ip nat pool David 200.1.1.3 ?
      A.B.C.D  End IP address
    R1(config)#ip nat pool David 200.1.1.3 200.1.1.3 ?
      netmask  Specify the network mask
    R1(config)#ip nat pool David 200.1.1.3 200.1.1.3 netmask ?
      A.B.C.D  Network mask
    R1(config)#ip nat pool David 200.1.1.3 200.1.1.3 netmask 255.255.255.0 ?
      <cr>
    R1(config)#ip nat pool David 200.1.1.3 200.1.1.3 netmask 255.255.255.0
    R1(config)#ip nat inside ?
      source  Source address translation
    R1(config)#ip nat inside source ?
      list    Specify access list describing local addresses
      static  Specify static local->global mapping
    R1(config)#ip nat inside source list 1 ?
      interface  Specify interface for global address
      pool       Name pool of global addresses
    R1(config)#ip nat inside source list 1 pool ?
      WORD  Name pool of global addresses
    R1(config)#ip nat inside source list 1 pool David ?
      overload  Overload an address translation
      <cr>
    R1(config)#ip nat inside source list 1 pool David overload ?
      <cr>
    R1(config)#ip nat inside source list 1 pool David overload
    R1(config)#end
    R1#
    %SYS-5-CONFIG_I: Configured from console by console
    R1#show ip nat ?
      statistics    Translation statistics
      translations  Translation entries
    R1#show ip nat translations      // no entries while no host has accessed the web server
    R1#
    R1#show ip nat translations      // a host has accessed the web server, generating an entry
    Pro  Inside global     Inside local       Outside local      Outside global
    tcp 200.1.1.3:1026     192.168.1.2:1026   200.1.2.2:80       200.1.2.2:80
    R1#show ip nat translations      // access from hosts 1.2 and 1.3
    Pro  Inside global     Inside local       Outside local      Outside global
    tcp 200.1.1.3:1026     192.168.1.2:1026   200.1.2.2:80       200.1.2.2:80
    tcp 200.1.1.3:1025     192.168.1.3:1025   200.1.2.2:80       200.1.2.2:80
    R1#show ip nat translations
    Pro  Inside global     Inside local       Outside local      Outside global
    tcp 200.1.1.3:1026     192.168.1.2:1026   200.1.2.2:80       200.1.2.2:80
    tcp 200.1.1.3:1027     192.168.1.2:1027   200.1.2.2:80       200.1.2.2:80
    tcp 200.1.1.3:1025     192.168.1.3:1025   200.1.2.2:80       200.1.2.2:80
    tcp 200.1.1.3:1024     192.168.1.3:1026   200.1.2.2:80       200.1.2.2:80
    R1#
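The translation behaviour behind the R1 output above, as an added Python model that is not part of the original lab. It applies access-list 1 with its wildcard mask, shares the single pool address 200.1.1.3 across inside hosts, and shows why 192.168.1.3:1026 appears as 200.1.1.3:1024 (port 1026 was already taken) and why an unsolicited inbound packet with no table entry reaches no inside host. The names `Napt`, `acl_permits` and `replay_lab`, the lowest-free-port policy on collision (chosen to match the page's output), and keying the inbound lookup on the global port alone are assumptions of this example.

```python
import ipaddress

def acl_permits(src, network="192.168.1.0", wildcard="0.0.0.255"):
    """Standard ACL match: bits set in the wildcard mask are ignored."""
    s, n, w = (int(ipaddress.IPv4Address(x)) for x in (src, network, wildcard))
    return (s ^ n) & ~w & 0xFFFFFFFF == 0

class Napt:
    """Model of 'ip nat inside source list 1 pool David overload' on R1."""
    def __init__(self, global_ip="200.1.1.3", first_port=1024):
        self.global_ip = global_ip
        self.first_port = first_port
        self.out = {}   # (proto, inside_ip, inside_port) -> global port
        self.back = {}  # (proto, global_port) -> (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port):
        """Translate an inside-to-outside source; None if the ACL does not match."""
        if not acl_permits(src_ip):
            return None
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = src_port                     # keep the source port when it is free
            if (proto, port) in self.back:      # collision: assumed policy, lowest free port
                port = self.first_port
                while (proto, port) in self.back:
                    port += 1
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return (self.global_ip, self.out[key])

    def inbound(self, proto, dst_port):
        """Map a packet sent to the global address back inside; None if no entry."""
        return self.back.get((proto, dst_port))

def replay_lab():
    """Replay the four flows from the page's last 'show ip nat translations'."""
    nat = Napt()
    flows = [("192.168.1.2", 1026), ("192.168.1.2", 1027),
             ("192.168.1.3", 1025), ("192.168.1.3", 1026)]
    return nat, [nat.outbound("tcp", ip, port) for ip, port in flows]

if __name__ == "__main__":
    nat, table = replay_lab()
    for entry in table:
        print("tcp %s:%d" % entry)
    # Constructed probe: nothing inside opened global port 4444, so there is no mapping.
    print("unsolicited to 200.1.1.3:4444 ->", nat.inbound("tcp", 4444))
```
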


R2:


    Router>en
    Router#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    Router(config)#hostname R2
    R2(config)#int fa0/0
    R2(config-if)#ip add 200.1.2.1 255.255.255.0
    R2(config-if)#no shut
    %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
    R2(config-if)#exit
    R2(config)#int s2/0
    R2(config-if)#ip add 200.1.1.2 255.255.255.0
    R2(config-if)#no shut
    %LINK-5-CHANGED: Interface Serial2/0, changed state to up
    R2(config-if)#
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up
    R2(config-if)#
    R2(config-if)#exit
    R2(config)#ip route 192.168.1.0 255.255.255.0 200.1.1.1
    R2(config)#end
    R2#
    %SYS-5-CONFIG_I: Configured from console by console
    R2#show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route
    Gateway of last resort is not set
    S    192.168.1.0/24 [1/0] via 200.1.1.1
    C    200.1.1.0/24 is directly connected, Serial2/0
    C    200.1.2.0/24 is directly connected, FastEthernet0/0
    R2#


PC1:


    Packet Tracer PC Command Line 1.0
    PC>ipconfig
    IP Address......................: 192.168.1.2
    Subnet Mask.....................: 255.255.255.0
    Default Gateway.................: 192.168.1.1
    PC>ping 200.1.2.2
    Pinging 200.1.2.2 with 32 bytes of data:
    Reply from 200.1.2.2: bytes=32 time=15ms TTL=126
    Reply from 200.1.2.2: bytes=32 time=16ms TTL=126
    Reply from 200.1.2.2: bytes=32 time=16ms TTL=126
    Reply from 200.1.2.2: bytes=32 time=15ms TTL=126
    Ping statistics for 200.1.2.2:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 15ms, Maximum = 16ms, Average = 15ms
    PC>
