Virtual Private Network VPN and Network Address Translation NAT

Vpc vpn and Network Address Translation NAT 1. dedicated addresses in the Internet ① 10.0.0.0 to 10.255.255.255 (can be counted as 10.0.0.0/8, also known as 24-bit blocks) ② 172.16.0.0 to 172.31.255.255 (can be counted as 172.16.0.0/12, also known as 20-bit blocks) ③ 192.168.0.0 to 192.168.255.255 (which can be counted as 192.168.0.0/16, also known as 16-bit blocks) these addresses are dedicated addresses that are only applicable to internal communication within the Organization and all routers in the Internet, data Packets whose destination address is a dedicated address are not forwarded. 2. VPN can use the dedicated address above to establish an intranet. However, sometimes many parts of some organizations are distributed in distant locations. Different locations have their own private networks. If these private networks need to communicate, there are two ways. One is to lease a line of a telecommunications company, but the cost is high; the other is to establish a VPN. An example of establishing a VPN is as follows: Obviously, each site must have at least one vro with a valid global IP address, namely, R1 and R2. The interface addresses of the two routers and the Internet must be valid global addresses. The interface addresses inside the private network are the local addresses of the private network. If the host in Site A needs to communicate with the host in Site B, it must pass through R1 and R2. 3. A problem with NAT is that there is a private address for the host inside the private network, but Youxiang communicates with the host on the Internet. What should I do? Network Address Translation (NAT) is used to solve this problem. In this method, you first need to install NAT software on the router connected to the Internet from the private network. That is, when the host of the private network communicates with the external network and the data packet passes through the NAT router, the NAT router converts the private network address into a global address, and then records the conversion pair. When receiving a packet sent to a global address, the packet is then forwarded to a host in the Intranet (the internal host corresponding to the address ). For example, if a NAT router has N global addresses, it can support simultaneous communication between N hosts in the private network and the Internet. In this way, more hosts in the dedicated network can use the N global addresses in turn. Note: Due to address translation, the communication through the NAT router must be initiated by the host in the private network. Understanding ??? Because I didn't know how to convert it at the beginning. Therefore, hosts in the private network cannot be used as servers. To make more effective use of the global IP address on the NAT router, the commonly used NAT translation table also exploits the port number of the transport layer. For example, the Global Address of the dedicated network host with different IP addresses is the same, but the port number is different.