Many enterprises have already built an internal LAN, but in the Internet era a LAN alone no longer meets their needs. More and more users need to publish or retrieve information on the Internet, so connecting the enterprise intranet to the Internet has become an urgent requirement. There are many ways to connect a LAN to the Internet, such as ISDN or ordinary dial-up combined with proxy server software (WinGate) or gateway server software (SyGate), or a DDN leased line. A DDN leased line has the following advantages: (1) DDN is a synchronous data transmission network and has no switching function; (2) it offers a high transmission rate and low network latency; (3) DDN is a fully transparent network that supports the network layer and any protocol above it, so it can carry multiple services such as data, images, and sound. With the adjustment of telecom fees, a DDN leased line is an ideal choice.
With the rapid development of the Internet, the shortage of IP addresses has become a very prominent problem, and a variety of solutions have emerged. The following describes how to use the Network Address Translation (NAT) service to address it.
I. NAT Introduction
NAT connects a network that uses private IP addresses to the public Internet. When a host on the private network sends data through a NAT router, its private address is converted to a valid registered IP address so that it can communicate with other hosts on the Internet. The NAT router sits on the border between the intranet and the Internet and converts the source address of each packet to a valid IP address before the packet is sent to the external network. When multiple internal hosts share one valid IP address, address translation uses port multiplexing: it changes the source port of the outgoing packet and records the port mapping.
II. NAT Work Process
Assume that when a company applies for a DDN leased line, China Telecom provides the valid addresses 61.138.0.93/30 and 61.128.0.94/30, the company's internal network address is 192.168.0.0/24, the router's LAN port address is 192.168.0.254/24, and its WAN port address is 61.138.0.93/30, as shown in Figure 1.
When 192.168.0.1/24 sends a request to the server 202.98.0.66 on the Internet, the procedure is as follows:
(1) The user of the internal host 192.168.0.1/24 sends a connection request to the host 202.98.0.66 on the Internet;
(2) When the border router receives the first packet from the internal host, it checks its NAT mapping table. If no mapping exists for the IP address, the router decides to perform address translation for it, maps the internal IP address 192.168.0.1 to the valid IP address 61.138.0.93, and attaches port information to distinguish this mapping from those of other internal hosts;
(3) The border router replaces the internal IP address 192.168.0.1 and its port number with the valid IP address 61.138.0.93 and a port number, and forwards the packet;
(4) The Internet server 202.98.0.66 receives the packet and responds to the internal host 192.168.0.1 using the destination address 61.138.0.93;
(5) When the border router receives a packet whose destination address is 61.138.0.93, it uses this IP address and port number to look up the corresponding internal address and port number in the NAT mapping table, converts the destination address of the packet to the internal address 192.168.0.1, and sends the packet to that host. The router repeats steps 2-5 for each request.
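The mapping table from steps 2-5, modelled in Python with the article's addresses. This is an added example, not code from the article or from any router vendor; the class name PatTable, the port-allocation policy and the sample traffic are assumptions made for illustration. It shows two internal hosts that choose the same source port, and an inbound packet that matches no table entry.

```python
import ipaddress

PUBLIC_IP = "61.138.0.93"                            # WAN address from the article
INSIDE_NET = ipaddress.ip_network("192.168.0.0/24")  # intranet from the article

class PatTable:
    """Port-overloading NAT table (illustrative model, not router code)."""
    def __init__(self, public_ip, inside_net, first_port=1024):
        self.public_ip, self.inside_net = public_ip, inside_net
        self.first_port = first_port
        self.out_map = {}  # (inside_ip, inside_port) -> public_port
        self.in_map = {}   # public_port -> (inside_ip, inside_port)

    def _allocate(self, preferred):
        # Assumed policy: keep the source port if free, else next free port.
        port = preferred if preferred not in self.in_map else self.first_port
        while port in self.in_map:
            port += 1
        if port > 65535:
            raise RuntimeError("public port space exhausted")
        return port

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Steps 2-3: rewrite the source of a packet leaving the intranet."""
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            return None  # outside the translated range: no mapping is created
        key = (src_ip, src_port)
        if key not in self.out_map:
            public_port = self._allocate(src_port)
            self.out_map[key] = public_port
            self.in_map[public_port] = key
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Step 5: map a reply back to the internal host, or drop it."""
        if dst_ip != self.public_ip or dst_port not in self.in_map:
            return None  # no table entry: the packet is not forwarded inside
        inside_ip, inside_port = self.in_map[dst_port]
        return (src_ip, src_port, inside_ip, inside_port)

def demo():
    nat = PatTable(PUBLIC_IP, INSIDE_NET)
    # Constructed traffic: two internal hosts pick the same source port.
    a = nat.outbound("192.168.0.1", 40000, "202.98.0.66", 80)
    b = nat.outbound("192.168.0.2", 40000, "202.98.0.66", 80)
    reply = nat.inbound("202.98.0.66", 80, PUBLIC_IP, b[1])
    stray = nat.inbound("202.98.0.66", 80, PUBLIC_IP, 5555)
    return a, b, reply, stray

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The model keys inbound lookups on public address and port only, as the steps above describe, so it does not check which remote host sent the reply.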
III. Router NAT Function Configuration
The preceding assumptions are used as an example to describe how to configure the NAT Function under the CISCO and 3COM routers.
(I) CISCO Router
Taking CISCO2501 as an example, the IOS version is required to be 11.2 or later.
Cisco2501# conf t
Cisco2501(config)# int e0
Cisco2501(config-if)# ip address 192.168.0.254 255.255.255.0
Cisco2501(config-if)# ip nat inside
(Specify e0 as the inside port, connected to the intranet)
Cisco2501(config-if)# int s0
Cisco2501(config-if)# encapsulation ppp
(Set the encapsulation method to PPP)
Cisco2501(config-if)# ip address 61.138.0.93 255.255.255.252
Cisco2501(config-if)# ip nat outside
(Specify s0 as the outside port, connected to the external network)
Cisco2501(config-if)# bandwidth 128
(Specify a bandwidth of 128 kbit/s; bandwidth is an interface command, so it is entered before leaving s0)
Cisco2501(config-if)# exit
Cisco2501(config)# ip route 0.0.0.0 0.0.0.0 Serial0
(Specify the default route)
Cisco2501(config)# ip nat pool a 61.138.0.93 61.138.0.93 netmask 255.255.255.252
(Define the legal address pool "a"; the start and end addresses are both the legal IP 61.138.0.93)
Cisco2501(config)# access-list 1 permit 192.168.0.0 0.0.0.255
(Define a standard access list that specifies which internal addresses may be translated)
Cisco2501(config)# ip nat inside source list 1 pool a overload
(Set up address translation between the internal addresses and the valid IP address, sharing it by port)
Cisco2501(config)# end
Cisco2501# wr
(II) 3COM Router
Taking the 3COM OCBN8832 as an example, the software version must be later than 11.0.
Log in as root and perform the following configuration.
(1) Configure the LAN port
EnterpriseOS # setdefault !1 -ip netaddress = 192.168.0.254 255.255.255.0
EnterpriseOS # setdefault !1 -path control = enable
(Activate the PATH of the router's LAN port)
EnterpriseOS # setdefault !1 -port control = enable
(Activate the router's LAN PORT)
(2) Configure the WAN serial port
EnterpriseOS # setdefault !3 -path linetype = leased
(Specify the type of communication line used by this port)
EnterpriseOS # setdefault !4 -port owner = ppp
(Specify the owner of the port)
EnterpriseOS # setdefault !4 -ip netaddress = 61.138.0.93 255.255.255.252
EnterpriseOS # setdefault !4 -nat addressmap 192.168.0.0/24 61.138.0.93 outbound
(Translate the IP addresses used by hosts inside 192.168.0.0/24 to 61.138.0.93)
EnterpriseOS # setdefault !4 -nat control = enable
(Enable the NAT service)
EnterpriseOS # setdefault !3 -path control = enable
EnterpriseOS # setdefault !4 -port control = enable
(3) Configure the default route
EnterpriseOS # setdefault -ip control = router
(Activate the router's routing function)
EnterpriseOS # add -ip route 0.0.0.0 0.0.0.0 !4