Solve the IP address shortage problem through the NAT Function of the router

1. NAT Overview

NATNetwork Address Translation) the network Address Translation function is to convert an illegal IP Address defined within the enterprise to a legal IP Address recognized on the Internet.

Due to the limitation of IPv4, the Internet is facing a shortage of IP address space. It is unrealistic to apply from the ISP and assign a valid IP address to each employee of the enterprise. NAT can effectively solve the IPV4 address shortage problem at present.

Currently, all vro products of Digital China, including DCR-2500 series, DCR-1700 series and DCR-3600 series, support NAT Function, and rich functions.

Next, we will briefly introduce the principles of the Digital China router NAT.

II. Introduction to NAT principles and configurations

The NAT device maintains a status table to map illegal IP addresses to valid IP addresses.

We take the DCR-1700 router as an example.
Run:

Router (config) # show ip nat translation

Display should be:

Inside local, that is, the internal local address-the IP address assigned to a host on the internal network, usually the private address defined by the network administrator. Inside global, that is, the internal global address, a valid IP address, describes one or more local legal IP addresses to the external network. Outside local, that is, the external local address-the IP address of an external host that appears in the internal network. It is not necessarily a valid address. It can be allocated from the address space that can be routed in the internal network. Outside global, that is, the external global address-the IP address assigned to the host by the host owner on the external network. This address can be allocated from a global routable address or network space.

Shenzhou.com vrouters currently support internal address translation, external address translation, and bidirectional address translation.
Internal address translation includes: static Single address translation for source addresses, static subnet translation for source addresses, static tcp translation for source addresses, static udp translation for source addresses, source address access list + address pool translation, source address access list + device interface translation, and target address access list + address pool translation.
External address translation includes static single address translation for source addresses, static subnet translation for source addresses, static tcp translation for source addresses, static udp translation for source addresses, source address access list + address pool translation.
In digital China routers, NAT can be divided into three types: static NATstaticNAT), NAT pool pooledNAT), and port NATPAT ).
Static NAT
Each host in the internal network is permanently mapped to a valid address in the external network. For example, the configuration of the DCR-1700/3600 router:

Ip nat inside source static 192.168.1.5 211.168.79.75

Permanently map 192.168.1.5 to globally valid IP211.168.79.75. This function can be applied to WWW Publishing, Ftp Server, and Mail Server on the Intranet.
NAT pool
A nat pool refers to a combination of IP addresses applied to the ISP. In a vro, the group of IP addresses is defined as a NAT pool. Through dynamic allocation, share a small number of valid external IP addresses. If all the dynamically allocated external IP addresses in the NAT pool are occupied, subsequent NAT translation requests will fail. Address overloading can be used to identify different connections by port numbers.
For example, DCR-2501/DCR-1700/DCR-3600 router configuration:

Ip access-list standard 1 permit 192.168.1.0 255.255.255.0 // local address configuration in the LAN Ip nat pool DCR 211.1.1.1 211.1.1.2 255.255.255.252 // configure the NAT pool in the LAN Ip nat inside source list 1 pool DCR overload // address overload Configuration

If there are 20 PCs in the LAN, but only two valid IP addresses 211.1.1.1 and 211.1.1.2 can be applied to the ISP, all the PCs can access the Internet at the same time through the above configuration. We recommend that you use the address overload function.
PAT

Nat static add port tcp 80 200.1.1.61

PAT, that is, port address translation. With PAT technology, you only need to apply for a valid IP address from the ISP to allow all users to access the Internet. PAT can connect 64500 TCP/IP and UDP/IP addresses at the same time, but the number of workstations is smaller.
For example, DCR-2501/DCR-1700/DCR-3600 router configuration:

Ip access-list standard 1 permit 192.168.1.0 255.255.255.0 Ip nat inside source list 1 interface Serial0/0 overload // specify the ip address of the Serial0/0 port when LIST 1 accesses the internet.