NAT (Network Address Translation) Features Configuration

As the Internet's networks expand at explosive speed, the shortage of IP addresses and the growth of routing have become fairly serious problems. A variety of solutions have been proposed, and address translation (NAT) is one of the more effective ones in the current network environment.

Address translation, that is, the NAT function, means that an organization uses private IP addresses (which do not need to be applied for) inside its own network. Inside the organization, each computer communicates using its private IP address. When an internal computer communicates with the external Internet, a device with the NAT function (here, a Cisco router) converts the private IP address into a real IP address, that is, a legal IP address the organization has applied for. Simply put, NAT converts one address into another in a defined way. The international standard for NAT is RFC1631.

NAT has the following applications:

You want to connect to the Internet, but you do not want every computer in your network to have a real Internet IP address. With NAT, the legal Internet IP addresses you have applied for can be managed centrally. When an internal computer needs to reach the Internet, its private IP address is converted into a legal IP address.

You do not want external network users to know the internal structure of your network. NAT isolates the internal network from the external Internet, so external users do not learn your private IP addresses.

You have been allocated only a few legal Internet IP addresses, but your internal network has many users. With NAT, multiple users can share one legal IP address to communicate with the external Internet.

Note: The Cisco 2500 and 1600 Series Routers support the NAT feature in IOS 11.2 and above.

A router configured for NAT must have at least one inside port and at least one outside port.
The inside port connects to the internal network, whose users use private IP addresses. The inside port can be any port on the router. The outside port connects to an external network, such as the Internet, and can also be any port on the router.

In a typical application, NAT is configured on the router at the junction between the internal network and the external public network. When an IP packet leaves the internal network, NAT converts the private source IP address into a legal IP address. When an IP packet enters the internal network, NAT converts the legal destination IP address into the internal private IP address.

A router with NAT enabled must not advertise internal network routes to the outside. It can, however, accept routing information advertised from the outside.

Several NAT concepts:

Inside local address: the private IP address assigned to a computer in the internal network.

Inside global address: the legal IP address that represents one or more inside local addresses when communicating with the outside.

NAT configuration can be divided into static address translation, dynamic address translation, and multiplexed dynamic address translation.

Static address translation: converts an inside local address one-to-one into an inside legal address, and you must specify which legal address each local address is converted to. If the internal network has an e-mail server or an FTP server, the IP addresses of these servers must use static address translation so that external users can reach them.

Dynamic address translation: also converts inside local addresses one-to-one into inside legal addresses, but the legal address used for each inside local address is selected dynamically from an inside legal address pool.
Multiplexed dynamic address translation: this is first of all a dynamic address translation, but it allows multiple inside local addresses to share one inside legal address. It is extremely useful when only a small number of IP addresses have been obtained but more users than that often need to access the external network at the same time.

Note: How are users told apart when several of them share one IP address? Internally, the router uses upper-layer information such as the TCP or UDP port number to identify each computer.

Static address translation, basic configuration steps:

In global configuration mode, establish a static translation between the inside local address and the inside legal address:

    ip nat inside source static <inside local address> <inside legal address>

In interface configuration mode, specify the inside port connected to the internal network:

    ip nat inside

In interface configuration mode, specify the outside port connected to the external network:

    ip nat outside

Note: You can define multiple inside ports and multiple outside ports.

Dynamic address translation, basic configuration steps:

In global configuration mode, define the inside legal address pool:

    ip nat pool <address pool name> <start IP address> <end IP address> <subnet mask>

The address pool name can be chosen arbitrarily.

In global configuration mode, define a standard access-list rule that permits the inside addresses allowed to be translated:

    access-list <number> permit <source address> <wildcard>

The number is an integer between 1 and 99.

In global configuration mode, establish dynamic address translation between the inside local addresses specified by the access list and the specified inside legal address pool:

    ip nat inside source list <access-list number> pool <inside legal address pool name>

In interface configuration mode, specify the inside port connected to the internal network:

    ip nat inside

In interface configuration mode, specify the outside port connected to the external network:

    ip nat outside

Multiplexed dynamic address translation, configuration steps:

In global configuration mode, define the inside legal address pool:

    ip nat pool <address pool name> <start IP address> <end IP address> <subnet mask>

The address pool name can be chosen arbitrarily.

In global configuration mode, define a standard access-list rule that permits the inside local addresses allowed to use dynamic address translation:

    access-list <number> permit <source address> <wildcard>

The number is an integer between 1 and 99.

In global configuration mode, establish multiplexed dynamic address translation between the inside local addresses and the inside legal IP addresses:

    ip nat inside source list <access-list number> pool <inside legal address pool name> overload

In interface configuration mode, specify the inside port connected to the internal network:

    ip nat inside

In interface configuration mode, specify the outside port connected to the external network:

    ip nat outside

Example:

In this example two routers are connected directly. One of them acts as the router of an internal network, and the other stands in for the external network. The example applies all three NAT address translation functions at the same time. The Ethernet port of the 2511 is used as the inside port, and synchronous port 0 is used as the outside port. The internal local addresses of 10.1.1.1.1.12, 10.1.1.12 use static address translation. The 10.1.2.0 network segment uses dynamic address translation. The 10.1.3.0 network segment uses multiplexed dynamic address translation. To confirm the address multiplexing function, the multiplexed address pool uses only one IP address, i.e. 192.31.1.31. In this example, two PCs on 10.1.3.0 ping the other router simultaneously. Using debug on the internal router, you can see that both are multiplexed onto the same IP address at the same time.
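The following added example (not part of the original article and not Cisco IOS code) is a simplified Python model of the translation table, showing why two hosts on 10.1.3.0 can share 192.31.1.31 with multiplexed translation while a one-to-one pool of the same size runs out after the first host. The host addresses 10.1.3.10 and 10.1.3.11, the TCP source port 40000 and the starting port 1024 are constructed assumptions; a real router's port allocation differs.

```python
"""Toy model of a NAT translation table (added example, not Cisco IOS code)."""
from itertools import count


class NatTable:
    def __init__(self, pool, overload=False, first_port=1024):
        self.pool = list(pool)      # inside legal (global) addresses
        self.overload = overload    # True = multiplexed dynamic translation
        self.out = {}               # (proto, local ip, local port) -> (legal ip, port)
        self.back = {}              # reverse map used for returning packets
        self.bound = {}             # one-to-one mode: local ip -> legal ip
        self.ports = count(first_port)

    def outbound(self, proto, src_ip, src_port):
        """Translate the source of a packet leaving the inside network."""
        key = (proto, src_ip, src_port)
        if key in self.out:
            return self.out[key]
        if self.overload:
            g_ip, g_port = self.pool[0], src_port
            # Keep the original port if it is free, otherwise pick another one.
            while (proto, g_ip, g_port) in self.back:
                g_port = next(self.ports)
        else:
            if src_ip not in self.bound:
                free = [a for a in self.pool if a not in self.bound.values()]
                if not free:
                    return None     # pool exhausted: this host gets no translation
                self.bound[src_ip] = free[0]
            g_ip, g_port = self.bound[src_ip], src_port
        self.out[key] = (g_ip, g_port)
        self.back[(proto, g_ip, g_port)] = (src_ip, src_port)
        return self.out[key]

    def inbound(self, proto, dst_ip, dst_port):
        """Translate a returning packet's destination; None means no entry (drop)."""
        return self.back.get((proto, dst_ip, dst_port))


def demo():
    # Constructed hosts on the article's 10.1.3.0 segment, same source port on both.
    pat = NatTable(["192.31.1.31"], overload=True)
    a = pat.outbound("tcp", "10.1.3.10", 40000)
    b = pat.outbound("tcp", "10.1.3.11", 40000)
    plain = NatTable(["192.31.1.31"])            # same pool, no overload
    c = plain.outbound("tcp", "10.1.3.10", 40000)
    d = plain.outbound("tcp", "10.1.3.11", 40000)
    return a, b, pat.inbound("tcp", *b), pat.inbound("tcp", "192.31.1.31", 80), c, d
```

The inbound lookup for port 80 returns nothing because no inside host opened that mapping, which is the isolation effect the article describes: outside traffic reaches an inside host only through an existing or static translation.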