Configuring the NAT feature on a Cisco router

Source: Internet
Author: User

With the rapid growth of the Internet, the shortage of IP addresses has become a very prominent problem, and many solutions have been proposed. The following describes one of the more effective approaches in the current network environment: network address translation (NAT).





First, an introduction to NAT

NAT (network address translation) allows a network to use, internally, IP addresses that it defines as needed without having to apply for them. Within the network, each computer communicates through an internal IP address. When an internal computer communicates with the external Internet, a NAT-capable device, such as a router, converts its internal IP address to a legal IP address (that is, an IP address that has been applied for).





Second, the application environments of NAT

Situation 1: An enterprise does not want external network users to learn the internal structure of its network. It can use NAT to separate the internal network from the external Internet, so that external users do not know the internal IP addresses behind NAT.

Situation 2: An enterprise has applied for only a small number of legal Internet IP addresses but has many internal network users. NAT enables multiple users to communicate with the external Internet at the same time through one legal IP address.





Third, the router hardware and software required for NAT:

A router configured for NAT must have at least one internal port (inside) and one external port (outside). Network users connected to the internal port use internal IP addresses.

The internal port can be any router port. The external port connects to an external network, such as the Internet, and can also be any port on the router.

The router must support the NAT feature (the router used in this article is a Cisco 2501, and its IOS supports NAT in version 11.2 and later).





Fourth, some NAT concepts:

Internal local address (inside local address): the internal IP address assigned to a computer in the internal (inside) network.

Internal legal address (inside global address): a legal IP address that represents one or more internal local addresses in IP traffic with the outside. It is an IP address that must be applied for before it can be obtained.





Fifth, NAT configuration methods:

NAT can be configured as static address translation, dynamic address translation, or multiplex dynamic address translation.

1, where static address translation applies:

Static address translation maps an internal local address to an internal legal address one to one, and you must specify which legal address each local address is converted to. If the internal network has servers, such as an e-mail server or an FTP server, that provide services to external users, the IP addresses of these servers must be translated statically so that external users can reach them.





Basic configuration steps for static address translation:

(1) Establish a static address translation between the internal local address and the internal legal address. In global configuration mode, enter:

    ip nat inside source static <internal local address> <internal legal address>

(2) Specify the internal port connected to the internal network. In interface configuration mode, enter:

    ip nat inside

(3) Specify the external port connected to the external network. In interface configuration mode, enter:

    ip nat outside

Note: You can define multiple internal ports and multiple external ports as needed.





Instance 1:

This example implements static NAT address translation. The Ethernet port of the 2501 is used as the internal port and synchronous port 0 as the external port. The internal local addresses 10.1.1.2, 10.1.1.3 and 10.1.1.4 are translated statically. Their internal legal addresses are 192.1.1.2, 192.1.1.3 and 192.1.1.4 respectively.

Router 2501 configuration:





    Current configuration:
    version 11.3
    no service password-encryption
    hostname 2501
    ! static one-to-one mappings: internal local address -> internal legal address
    ip nat inside source static 10.1.1.2 192.1.1.2
    ip nat inside source static 10.1.1.3 192.1.1.3
    ip nat inside source static 10.1.1.4 192.1.1.4
    ! internal port
    interface Ethernet0
     ip address 10.1.1.1 255.255.255.0
     ip nat inside
    ! external port
    interface Serial0
     ip address 192.1.1.1 255.255.255.0
     ip nat outside
     no ip mroute-cache
     bandwidth 2000
     no fair-queue
     clockrate 2000000
    interface Serial1
     no ip address
     shutdown
    no ip classless
    ip route 0.0.0.0 0.0.0.0 Serial0
    line con 0
    line aux 0
    line vty 0 4
     password Cisco
    end




After the configuration is complete, you can check it with the following commands:

    show ip nat statistics
    show ip nat translations





2, where dynamic address translation applies:

Dynamic address translation also maps an internal local address to an internal legal address one to one, but the legal address is chosen dynamically: an address that is not currently in use is selected from the internal legal address pool and used to translate the internal local address.





Basic configuration steps for dynamic address translation:

(1) In global configuration mode, define the internal legal address pool:

    ip nat pool <address pool name> <start IP address> <end IP address> netmask <subnet mask>

The address pool name can be chosen arbitrarily.

(2) In global configuration mode, define a standard access-list rule that permits the internal addresses allowed to use dynamic address translation:

    access-list <label> permit <source address> <wildcard mask>

The label is an integer from 1 to 99.

(3) In global configuration mode, translate the internal local addresses specified by the access list using the specified internal legal address pool:

    ip nat inside source list <access list label> pool <internal legal address pool name>

(4) In interface configuration mode, specify the internal port connected to the internal network:

    ip nat inside

(5) In interface configuration mode, specify the external port connected to the external network:

    ip nat outside





Instance 2:

This example uses dynamic NAT address translation. The Ethernet port of the 2501 is used as the internal port and synchronous port 0 as the external port. The 10.1.1.0 network segment uses dynamic address translation. The corresponding internal legal addresses are 192.1.1.2 to 192.1.1.10.





    Current configuration:
    version 11.3
    no service password-encryption
    hostname 2501
    ! internal legal address pool, and the binding of access list 1 to it
    ip nat pool AAA 192.1.1.2 192.1.1.10 netmask 255.255.255.0
    ip nat inside source list 1 pool AAA
    ! internal port
    interface Ethernet0
     ip address 10.1.1.1 255.255.255.0
     ip nat inside
    ! external port
    interface Serial0
     ip address 192.1.1.1 255.255.255.0
     ip nat outside
     no ip mroute-cache
     bandwidth 2000
     no fair-queue
     clockrate 2000000
    interface Serial1
     no ip address
     shutdown
    no ip classless
    ip route 0.0.0.0 0.0.0.0 Serial0
    ! internal local addresses that may be translated
    access-list 1 permit 10.1.1.0 0.0.0.255
    line con 0
    line aux 0
    line vty 0 4
     password Cisco
    end





3, where multiplex dynamic address translation applies:

Multiplex dynamic address translation is first of all a dynamic address translation, but it allows multiple internal local addresses to share one internal legal address. It is extremely useful when only a small number of IP addresses have been applied for, but the number of users accessing the external network at the same time is often greater than the number of legal addresses.

Note: When multiple users use one IP address at the same time, the router uses upper-layer information, such as the TCP or UDP port number, to uniquely identify each computer.
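The port-based bookkeeping described in the note above, as an added Python example (not part of the original article and not Cisco's implementation). The class and function names are hypothetical, and the port policy (keep the source port if it is free, otherwise take the next free port from 1024 upward) is a simplifying assumption.

```python
import ipaddress

class PatRouter:
    """Toy model of overload NAT: many inside hosts share one legal address."""

    def __init__(self, legal_ip, permitted_net, first_port=1024):
        self.legal_ip = legal_ip
        self.permitted = ipaddress.ip_network(permitted_net)  # the access list
        self.next_port = first_port
        self.out = {}   # (proto, inside_ip, inside_port) -> translated port
        self.back = {}  # (proto, translated port) -> (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port):
        """Translate an inside source; return (legal_ip, port) or None."""
        if ipaddress.ip_address(src_ip) not in self.permitted:
            return None                      # not matched by the access list
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = src_port                  # assumption: keep the port if free
            while (proto, port) in self.back:
                if self.next_port > 65535:
                    raise RuntimeError("no free ports on " + self.legal_ip)
                port, self.next_port = self.next_port, self.next_port + 1
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return (self.legal_ip, self.out[key])

    def inbound(self, proto, dst_port):
        """Reverse lookup for a reply; None means no translation entry."""
        return self.back.get((proto, dst_port))

def demo():
    r = PatRouter("192.1.1.1", "10.1.1.0/24")   # addresses from the example
    return {
        "host2": r.outbound("tcp", "10.1.1.2", 40000),
        "host3": r.outbound("tcp", "10.1.1.3", 40000),   # same source port
        "udp": r.outbound("udp", "10.1.1.2", 40000),
        "other": r.outbound("tcp", "172.16.0.5", 40000),
        "reply3": r.inbound("tcp", 1024),
        "unsolicited": r.inbound("tcp", 5555),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Two hosts using the same source port receive different translated ports, and an inbound packet to a port with no table entry has nothing to be translated to.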





Configuration steps for multiplex dynamic address translation:

(1) In global configuration mode, define the internal legal address pool:

    ip nat pool <address pool name> <start IP address> <end IP address> netmask <subnet mask>

The address pool name can be chosen arbitrarily.

(2) In global configuration mode, define a standard access-list rule that permits the internal local addresses allowed to use dynamic address translation:

    access-list <label> permit <source address> <wildcard mask>

The label is an integer from 1 to 99.

(3) In global configuration mode, set up multiplex dynamic address translation between the internal local addresses and the internal legal IP address:

    ip nat inside source list <access list label> pool <internal legal address pool name> overload

(4) In interface configuration mode, specify the internal port connected to the internal network:

    ip nat inside

(5) In interface configuration mode, specify the external port connected to the external network:

    ip nat outside





Instance 3:

This example uses multiplex dynamic NAT address translation. The Ethernet port of the 2501 is used as the internal port and synchronous port 0 as the external port. The 10.1.1.0 network segment uses multiplex dynamic address translation. Suppose the enterprise has applied for only one legal IP address, 192.1.1.1.

Router 2501 configuration:





    Current configuration:
    version 11.3
    no service password-encryption
    hostname 2501
    ! single-address pool; the name must be identical where it is defined and where it is referenced
    ip nat pool bbb 192.1.1.1 192.1.1.1 netmask 255.255.255.0
    ip nat inside source list 1 pool bbb overload
    ! internal port
    interface Ethernet0
     ip address 10.1.1.1 255.255.255.0
     ip nat inside
    ! external port
    interface Serial0
     ip address 192.1.1.1 255.255.255.0
     ip nat outside
     no ip mroute-cache
     bandwidth 2000
     no fair-queue
     clockrate 2000000
    interface Serial1
     no ip address
     shutdown
    no ip classless
    ip route 0.0.0.0 0.0.0.0 Serial0
    ! internal local addresses that may be translated
    access-list 1 permit 10.1.1.0 0.0.0.255
    line con 0
    line aux 0
    line vty 0 4
     password Cisco
    end
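A consistency check for the five configuration steps of dynamic and multiplex dynamic translation, as an added Python example (not part of the original article and not a Cisco tool). The function name and both sample configurations are constructed for illustration; the checker compares pool names exactly, including letter case.

```python
import re

def check_nat_config(text):
    """Return findings for a dynamic or overload NAT configuration."""
    pools, acls, bindings, roles = set(), set(), [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"ip nat pool (\S+) \S+ \S+ netmask \S+$", line, re.I):
            pools.add(m.group(1))                      # step (1): address pool
        elif m := re.match(r"access-list (\d+) permit \S+", line, re.I):
            acls.add(m.group(1))                       # step (2): access list
        elif m := re.match(r"ip nat inside source list (\d+) pool (\S+)", line, re.I):
            bindings.append((m.group(1), m.group(2)))  # step (3): binding
        elif line.lower() in ("ip nat inside", "ip nat outside"):
            roles.add(line.lower().split()[-1])        # steps (4) and (5)
    findings = []
    for acl, pool in bindings:
        if acl not in acls:
            findings.append(f"access-list {acl} is referenced but not defined")
        if pool not in pools:
            near = [p for p in pools if p.lower() == pool.lower()]
            hint = f" (defined as {near[0]!r})" if near else ""
            findings.append(f"pool {pool!r} is referenced but not defined{hint}")
    for role in ("inside", "outside"):
        if role not in roles:
            findings.append(f"no interface is marked 'ip nat {role}'")
    return findings

# Constructed sample configurations (not router output).
GOOD_CONFIG = """\
ip nat pool bbb 192.1.1.1 192.1.1.1 netmask 255.255.255.0
ip nat inside source list 1 pool bbb overload
interface Ethernet0
 ip nat inside
interface Serial0
 ip nat outside
access-list 1 permit 10.1.1.0 0.0.0.255
"""
BAD_CONFIG = """\
ip nat pool bbb 192.1.1.1 192.1.1.1 netmask 255.255.255.0
ip nat inside source list 2 pool BBB overload
interface Ethernet0
 ip nat inside
access-list 1 permit 10.1.1.0 0.0.0.255
"""

if __name__ == "__main__":
    print(check_nat_config(GOOD_CONFIG))
    print(check_nat_config(BAD_CONFIG))
```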
