Nat route address translation

Source: Internet
Author: User

Topology:

    lo0 2.2.2.2             lo0 1.1.1.1             lo0 3.3.3.3
    R2 s1/0 ------ s2/0 R1 s1/0 ------ s2/0 R3

Step 1

R2:
    en
    config t
    hostname R2
    no ip domain-lookup
    line 0
    exec-timeout 0 0
    logging syn
    exit
    int lo 0
    ip add 2.2.2.2 255.255.255.255
    exit
    int s1/0
    ip add 192.168.0.2 255.255.255.0
    no shutdown
    exit

R1:
    en
    config t
    hostname R1
    no ip domain-lookup
    line 0
    exec-timeout 0 0
    logging syn
    exit
    int lo 0
    ip add 1.1.1.1 255.255.255.255
    exit
    int s2/0
    ip add 192.168.0.1 255.255.255.0
    no shutdown
    exit
    int s1/0
    ip add 13.1.1.1 255.255.255.0
    no shutdown
    exit

R3:
    en
    config t
    hostname R3
    no ip domain-lookup
    line 0
    exec-timeout 0 0
    logging syn
    exit
    int lo 0
    ip add 3.3.3.3 255.255.255.255
    exit
    int s2/0
    ip add 13.1.1.3 255.255.255.0
    no shutdown
    exit

R1:
    ping 13.1.1.3
    ping 192.168.0.2

Step 2

R1:
    config t
    access-list 10 permit 192.168.0.0 0.0.0.255
    end
    show ip access-list
    config t
    ip nat pool ?
    ip nat pool natpool ?
    ip nat pool natpool 13.1.1.1 ?
    ip nat pool natpool 13.1.1.1 13.1.1.1 ?   (only 13.1.1.1)
    // ip nat pool natpool 13.1.1.1 13.1.1.2   (two addresses available)
    ip nat pool natpool 13.1.1.1 13.1.1.2 netmask
    // ip nat pool natpool 13.1.1.1 13.1.1.2 prefix-length ?
    ip nat pool natpool 13.1.1.1 13.1.1.2 prefix-length 24
    end
    config t
    interface s1/0
    ip nat outside
    exit
    interface s2/0
    ip nat inside
    exit
    ip nat ?
    ip nat inside ?
    ip nat inside source ?
    ip nat inside source list ?
    ip nat inside source list 10 ?
    ip nat inside source list 10 pool ?
    ip nat inside source list 10 pool natpool
    end
    show ip nat ?
    show ip nat

Step 3 (routing)

R2:
    config t
    no ip routing        (turn off the routing function on R2)
    end
    show ip route
    config t
    ip routing           (turn the routing function on R2 back on)
    end
    show ip route
    config t
    no ip routing
    end

Step 4 (routing)

R2:
    ping 3.3.3.3
    config t
    ip default-gateway 192.168.0.1   (set the default gateway; for this to apply, the router must have its routing function disabled)
    end
    ping 3.3.3.3
    debug ip packet
    undebug all

R1:
    config t
    interface s1/0
    no ip route-cache
    exit
    debug ip packet
    undebug all
    show ip route
    config t
    ip route 3.3.3.3 255.255.255.255 s1/0 13.1.1.3
    end
    show ip route
    show run
    config t
    no ip route 3.3.3.3 255.255.255.255 s1/0 13.1.1.3   (removed because R3 acts as the ISP, so only a default route is written)
    end
    config t
    ip route 0.0.0.0 0.0.0.0 s1/0 13.1.1.3   (default route)
    end
    show ip route

R2:
    ping 3.3.3.3
    debug ip packet
    ping 3.3.3.3

R1:
    debug ip packet
    config t
    interface s1/0
    no ip route-cache
    end

R2:
    ping 3.3.3.3

R1:
    undebug all

R3:
    debug ip packet
    undebug all

Step 5 (other)

R1:
    show ip nat translations
    show run             (check the address pool)

R2:
    config t
    interface s1/0
    ip add 192.168.0.3 255.255.255.0 secondary
    end
    ping 3.3.3.3 source 192.168.0.2
    ping 3.3.3.3 source 192.168.0.3

R1:
    show ip nat translations

R2:
    config t
    int s1/0
    ip add 192.168.0.4 255.255.255.0 secondary   (add a secondary address to simulate another PC)
    end
    ping 3.3.3.3 source 192.168.0.4
    U                    (this ping fails because NAT is a one-to-one address translation)

R1:
    show ip nat translations     (we can see that the two addresses are occupied)
    clear ip nat translation *   (clear)
    show ip nat translations     (should be empty)

R2:
    ping 3.3.3.3 source 192.168.0.4
    !!!!!
    ping 3.3.3.3 source 192.168.0.3
    !!!!!
    ping 3.3.3.3 source 192.168.0.2
    UUUU                 (it doesn't get through)

R1:
    show ip nat translations
    debug ip packet

R2:
    debug ip packet

R3:
    debug ip packet

R1:
    clear ip nat translation *

R2:
    ping 3.3.3.3 source 192.168.0.2

Addresses seen in the debug output:

    R2  s: 192.168.0.2  d: 3.3.3.3
    R1  s: 13.1.1.1     d: 3.3.3.3

    ip nat inside source list 10 pool natpool
    natpool: 13.1.1.1 --- 13.1.1.2

In a traditional routed network, the layer-3 address does not change as routers forward the packet. NAT converts one or more addresses to another address.

NAT configured with the interface IP address

R1:
    show ip int bri

R2:
    show ip int bri

R3:
    show ip int bri

R2:
    config t
    no ip routing
    no ip default-gateway 192.168.0.1
    exit

R1:
    config t
    ip route 0.0.0.0 0.0.0.0 13.1.1.3
    end
    config t
    access-list 10 permit 192.168.0.0 0.0.0.255
    interface s2/0
    ip nat inside
    interface s1/0
    ip nat outside
    end
    config t
    ip nat inside source list 10 ?
    ip nat inside source list 10 interface s1/0 ?
    ip nat inside source list 10 interface s1/0 overload
    end

R3:
    config t
    line vty 0 4
    no login
    end

R1:
    telnet 3.3.3.3
    Trying 3.3.3.3 .... Open
    R3>
    R1# disconnect 1
    Closing connection to 3.3.3.3 [confirm]

R2:
    telnet 3.3.3.3
    Trying 3.3.3.3 .... Open
    R3>

R1:
    show ip nat translations

R2:
    config t
    interface s1/0
    ip add 192.168.0.3 255.255.255.0 secondary
    end
    ping 3.3.3.3 source 192.168.0.3

R1:
    show ip nat translations

R2:
    config t
    int s1/0
    ip add 192.168.0.4 255.255.255.0 secondary
    ip add 192.168.0.5 255.255.255.0 secondary
    end
    ping 3.3.3.3 source 192.168.0.5
    !!!!!
    ping 3.3.3.3 source 192.168.0.4
    !!!!!
    ping 3.3.3.3 source 192.168.0.3
    !!!!!
    ping 3.3.3.3 source 192.168.0.2
    !!!!!

R1:
    show ip nat translations     (note the icmp port number)
    clear ip nat translation *
    show ip nat translations
    config t
    int s2/0
    no ip route-cache
    int s1/0
    no ip route-cache
    end

R3:
    debug ip packet detail

R2:
    telnet 3.3.3.3
    R3>
    R2# disconnect 1
    Closing connection to 3.3.3.3 [confirm]
    config t
    interface s1/0
    ip add 192.168.100.1 255.255.255.0 secondary   (check whether the 100 network segment will be translated)
    end

R1:
    show ip access-list  (addresses that do not match the list are not translated)

Static NAT and port mapping

R3:
    ping 192.168.0.2
    .....
    show ip route
    config t
    ip route 192.168.0.0 255.255.255.0 13.1.1.1
    end
    ping 192.168.0.2
    !!!!!
    config t
    no ip route 192.168.0.0 255.255.255.0 13.1.1.1   (why would R3 have a route to your private IP addresses?)
    end
    show ip route

R2:
    show run int s1/0
    config t
    int s1/0
    ip add 192.168.0.100 255.255.255.0 secondary
    end

R1:
    show ip route
    config t
    ip nat inside source static ?
    ip nat inside source static 192.168.0.100 ?
    ip nat inside source static 192.168.0.100 13.1.1.100   (static mapping)
    end
    show ip nat translations

R3:
    ping 13.1.1.100      (actually pings 192.168.0.100)
    !!!!!
    debug ip packet

R2:
    debug ip packet

R1:
    debug ip packet

R3:
    ping 13.1.1.100

Port mapping

R2:
    config t
    line vty 0 4
    no login
    end

R1:
    show run
    config t
    no ip nat inside source static 192.168.0.100 13.1.1.100   (delete)
    end

R3:
    undebug all

R1:
    config t
    ip nat inside source ?
    ip nat inside source static ?
    ip nat inside source static tcp ?
    ip nat inside source static tcp 192.168.0.100 ?
    ip nat inside source static tcp 192.168.0.100 23 ?
    ip nat inside source static tcp 192.168.0.100 23 13.1.1.100 ?
    ip nat inside source static tcp 192.168.0.100 23 13.1.1.100 23
    end

R3:
    telnet 13.1.1.100
    Trying 13.1.1.100 ... Open
    R2>

R1:
    show ip nat translations

R2:
    show run
    ping 3.3.3.3 source 192.168.0.4   (other PAT traffic is not affected)
    !!!!

R1:
    show ip nat translations

Timeouts

Setting the timeout values below well requires considerable experience.

R2:
    ping 3.3.3.3 source 192.168.0.2
    !!!!
    ping 3.3.3.3 source 192.168.0.3
    !!!!
    ping 3.3.3.3 source 192.168.0.4
    !!!!
    ping 3.3.3.3 source 192.168.0.100
    !!!!

R1:
    undebug all
    show ip nat translations
    config t
    ip nat ?
    ip nat service ?
    ip nat translation ?
        (dns-timeout; finrst-timeout: TCP 3-way handshake; icmp-timeout: default 2 seconds; max-port-timeout: the largest entry; pptp-timeout; syn-timeout; tcp-timeout; udp-timeout)
    ip nat translation dns-timeout ?
    ip nat translation dns-timeout 30
    ip nat translation max-timeout ?
    ip nat translation max-timeout 500
    ip nat translation icmp-timeout 100
    end
    clear ip nat translation *
    show ip nat translations
    config t
    no ip nat inside source static tcp 192.168.0.100 23 13.1.1.100 23 extendable
    Static entry in use, do you want to delete child entries? [no]: y
    end
    show ip nat translations

R2:
    telnet 3.3.3.3
    Trying 3.3.3.3 ... Open
    R3>

R1:
    show ip nat translations

Summary

NAT and ACLs are the two problems an enterprise has to deal with when it connects to the Internet. NAT table: web, dns, pop, ftp. The second step is to optimize.

    IP: s=192.168.0.2 (local), d=3.3.3.3 (Serial1/1)
    TCP src=16544, dst=23
    forward
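
An added example (not part of the original notes, and not IOS code): a small Python model of the two translation tables built in this lab. It shows why the third inside host fails against the two-address pool until the table is cleared, and why every host succeeds once overload is configured. The class names, the starting port 1024 and the port-selection rule are assumptions made for the illustration.

```python
"""Toy model of the lab's two NAT modes (constructed example, not IOS code)."""
from ipaddress import ip_address, ip_network

ACL10 = ip_network("192.168.0.0/24")  # access-list 10 permit 192.168.0.0 0.0.0.255


class DynamicPoolNat:
    """ip nat inside source list 10 pool natpool: one pool address per inside host."""

    def __init__(self, pool):
        self.free = list(pool)
        self.table = {}  # inside local -> inside global

    def translate(self, src):
        if ip_address(src) not in ACL10:
            return src  # no ACL match: forwarded untranslated
        if src not in self.table:
            if not self.free:
                return None  # pool exhausted: dropped, the ping prints U
            self.table[src] = self.free.pop(0)
        return self.table[src]

    def clear(self):  # clear ip nat translation *
        self.free = sorted(self.free + list(self.table.values()), key=ip_address)
        self.table.clear()


class OverloadNat:
    """ip nat inside source list 10 interface s1/0 overload: one address, many hosts."""

    def __init__(self, outside_ip, first_port=1024):  # first_port is an assumption
        self.outside_ip, self.next_port = outside_ip, first_port
        self.table = {}  # (inside local, port or ICMP id) -> (inside global, port)

    def translate(self, src, src_port):
        if ip_address(src) not in ACL10:
            return (src, src_port)
        key = (src, src_port)
        if key not in self.table:
            used = {port for _, port in self.table.values()}
            # Assumed rule: keep the source port if unused, else take the next free one.
            while src_port in used and self.next_port in used:
                self.next_port += 1
            port = self.next_port if src_port in used else src_port
            self.table[key] = (self.outside_ip, port)
        return self.table[key]
```

With the pool 13.1.1.1 to 13.1.1.2, whichever two inside addresses send first hold the pool until the table is cleared, which matches the ping results recorded in step 5.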
