Vronat NAT application environment and configuration details

The application environment and configuration of vronat NAT are described in detail. With the rapid development of the Internet, the shortage of IP addresses has become a very prominent problem. A variety of solutions have emerged to solve this problem. The following describes an effective method in the current network environment: address translation (NAT. 1. NAT description www.2cto.com the function of NAT (Network Address Translation) refers to the IP Address that can be customized within a Network as needed without application. In the network, computers communicate through internal IP addresses. When the internal computer needs to communicate with the external internet, the device with the NAT Function (such as a router) converts an internal IP address to a valid IP address (that is, the requested IP address) for communication.
Ii. NAT application environment: Situation 1: an enterprise does not want external network users to know its internal network structure. It can isolate the internal network from the external Internet through NAT, the external user does not know the internal IP address set through NAT. Case 2: An enterprise applies for a small number of valid Internet IP addresses, and there are many internal network users. You can use the NAT Function to allow multiple users to communicate with the external Internet by sharing a valid IP address at the same time. 3. Configure the hardware and software of the vro required for NAT: The vro that sets the NAT Function must have at least one internal port (Inside) and one external port (Outside ). The network user connecting to an internal port uses an internal IP address. The internal port can be any vro port. The external port is connected to an external network, such as the Internet. The external port can be any port on the router. In this example, Cisco2501 is used, and IOS 11.2 and later versions Support NAT ).
4. Several Concepts about NAT: internal local address: the internal IP address assigned to the computer in the internal network. Inside global address: valid IP addresses that indicate one or more internal local addresses when an external IP address is used for communication. The IP address that can be obtained only after application. 5. NAT settings: www.2cto.com NAT settings can be divided into static address translation, dynamic address translation, and multiplexing dynamic address translation. 1. For environment static address translation, static address translation performs one-to-one conversion between the internal local address and the internal legal address, and specifies the legal address to be converted. If there are E-mail servers or FTP servers in the internal network that can provide services to external users, the IP addresses of these servers must adopt static address translation so that external users can use these services.
Basic configuration steps for static address translation: (1) create a static address conversion between the internal local address and the internal legal address. In the global settings state, enter the valid Ip address inside the nat inside source static local address (2), and specify the internal port connecting to the network. In the port setting state, enter: ip nat inside (3), specify the external port connected to the external network, and enter: ip nat outside in the port setting state. Note: you can define multiple internal ports and multiple external ports as needed. Instance 1: This instance implements static NAT address translation. Use the 2501 Ethernet port as the internal port and the synchronization port 0 as the external port. The internal local addresses 10.1.1.2, 10.1.1.3, and 10.1.1.4 use static address conversion. The valid internal addresses are respectively 192.1.1.2, 192.1.1.3, and 192.1.1.4.
Vro2501 configuration: Current configuration: version 11.3no service password-Internal 2501ip nat inside source static 10.1.1.2 internal nat inside source static 10.1.1.3 internal nat inside source static 10.1.1.4 192.1.1.4interface Ethernet0ip address 10.1.1.1 internal nat inside interface Serial0ip address 192.1.1.1 internal nat outsideno ip mroute-cachebandwidth 2000no fair-queueclockrate 2000000 interface Serial1no ip addressshutdownno ip classlessip route 0.0.0.0 0.0.0.0 Serial0line con 0 line aux 0 line vty 0 4 password ciscoend
After the configuration is complete, you can use the following statement to view: show ip nat statistcsshow ip nat translations 2. Environment for Dynamic Address Translation: dynamic address translation is also a one-to-one conversion between a local address and a valid internal address, however, dynamic address translation dynamically selects a last address from the internal valid address pool to convert the internal local address. Basic configuration steps for Dynamic Address Translation: (1) in global setting mode, define an internal valid address pool ip address nat pool address pool name start ip address termination ip address subnet mask where the address pool name can be set arbitrarily. Www.2cto.com (2). In Global Setting Mode, define a standard access-list rule to allow dynamic address translation for internal addresses. Access-list label permit source address wildcard where the number is an integer between 1 and 99. (3) In global setting mode, address translation is performed between the internal local address specified by access-list and the specified internal legal address pool. Ip nat inside source list access list number: name of the pool's internal legal address pool (4), specify the internal port connected to the internal network in the port setting status: ip nat inside (5), specify the external port Ip address that is connected to the external network nat outside