Not a good thing, don't give you everyone, huh, ha -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---------------- AQBHC
With the rapid development of Internet's network, the shortage of IP addresses has become a very prominent issue. In order to solve this problem, there have been a variety of solutions. The following sessile is a more effective method, an address conversion (NAT) function, which is more effective in the current network environment.
First, NAT introduction
The function of NAT (Network Address Translation) is to refer to an IP address within a network, which can be free from the IP address, without the need to apply. Inside the network, each computer communicates with the internal IP address. When the internal computer is to communicate with an external Internet network, a device with a NAT function (such as a router) is responsible for communicating the IP address therebetween to legitimate IP addresses (ie, the application IP address) communicates.
Second, NAT application environment:
Situation 1: An enterprise does not want external network users to know their own network internal structures, can isolate the internal network with external Internet by NAT, and external users do not know the internal IP address set by NAT.
Case 2: The legal Internet IP address of a business application is small, and there are many internal network users. A plurality of users can be implemented by NAT functions simultaneously a legal IP is communicating with external Internet.
Third, set the hardware configuration and software configuration of the router required for NAT:
The router that sets the NAT function must have at least one internal port (Inside), an external port (Outside). The network user connected to the internal port is used by an internal IP address.
The internal port can be any router port. External ports are connected to external networks, such as Internet. The external port can be any port on the router.
The IOS of the router that sets the NAT function should support the NAT function (the router used in this article is Cisco2501, which supports the NAT function above 11.2.).
Fourth, there are several concepts about NAT:
Inside local address: Assigned to the internal IP address of the computer in the internal network.
Inside Global Address: When entering IP communication, represents one or more of the legitimate IP addresses of one or more internal local addresses. The IP address that needs to be applied.
V. NAT setting method:
NAT settings can be divided into static address translation, dynamic address translation, multiplex dynamic address translation.
1, static address translation applicable environment
Static address conversion will convert the internal local address with the internal legitimate address and need to specify and which legal address is converted. If the internal network has an E-mail server or the FTP server, the IP address of these servers must be converted to external users so that external users can use them.
Static address conversion basic configuration steps:
(1) Establish a static address conversion between the internal local address and the internal legal address. Enter: in the global settings:
IP Nat Inside Source Static internal local address internal legal address
(2), specify the internal port of the connection network in the port settings:
IP Nat INSIDE
(3), specifying the external port of the connection external network in port settings:
IP Nat Outside
Note: The plurality of internal ports and multiple external ports can be defined according to actual needs.
Example 1:
This example implements a static NAT address conversion function. The ETH port of 2501 is used as the internal port, and the synchronous port 0 is used as the external port. The internal local addresses of 10.1.1.2, 10.1.1.3, 10.1.1.4 use static address translation. Its internal legal address corresponds to 192.1.1.2, 192.1.1.3, 192.1.1.4, respectively. The configuration of the router 2501:
CURRENT Configuration:
Version 11.3
No Service Password-Encryption
Hostname 2501
IP Nat Inside Source Static 10.1.1.2 192.1.1.2
IP Nat Inside Source Static 10.1.1.3 192.1.1.3
IP Nat Inside Source Static 10.1.1.4 192.1.1.4
Interface Ethernet0
IP Address 10.1.1.1 255.255.255.0
IP Nat INSIDE
Interface serial0
IP Address 192.1.1.1 255.255.255.0
IP Nat Outside
NO ip mroute-cache
Bandwidth 2000
NO FAIR-Queue
ClockRate 2000000
Interface serial1
No ip address
Shutdown
NO ip classless
IP Route 0.0.0.0 0.0.0.0 Serial0
Line Con 0
LINE AUX 0
Line Vty 0 4
Password Cisco
end
You can use the following statement after the configuration is complete:
SHOW IP Nat Statistcs
Show ip nat translations
2, dynamic address translation applicable environment:
Dynamic address conversion also converts the local address with the internal legal address one-to-one, but dynamic address translation is dynamically selected from the internal legal address pool to convert the internal local address.
Dynamic address conversion Basic configuration steps:
(1) In the global setting mode, the internal legal address pool is defined.
IP Nat Pool Address Pool Name Start IP Address Termination IP Address Subnet Mask
Where address pool names can be set.
(2) In the global setting mode, define a standard Access-List rule to allow which internal addresses can perform dynamic address translation.
Access-List Number Permit Source Address Corner
The integer between 1-99 is 1-99.
(3) In the global setting mode, the internal local address specified by Access-List is interested in addressing the address pool of the specified internal legitimate address pool.
IP NAT Inside Source List Access List Number Pool Pool Internal Legal Address Pool Name
(4) Specify the internal port connected to the internal network in the port setting state:
IP Nat INSIDE
(5) Specify external ports connected to external networks
IP Nat Outside
Example 2:
In this example, the hardware configuration is the same, and the dynamic NAT address conversion function is used. The ETH port of 2501 is used as the internal port, and the synchronous port 0 is used as the external port. These 10.1.1.0 network segments use dynamic address translation. The corresponding internal legal address is 192.1.1.2 ~ 192.1.1.10
CURRENT Configuration:
Version 11.3
No Service Password-Encryption
Hostname 2501
IP Nat Pool AAA 192.1.1.2 192.1.1.10 Netmask 255.255.255.0
IP Nat Inside Source List 1 Pool Aaainterface Ethernet0
IP Address 10.1.1.1 255.255.255.0
IP Nat INSIDE
Interface serial0
IP Address 192.1.1.1 255.255.255.0
IP Nat Outside
NO ip mroute-cache
Bandwidth 2000
NO FAIR-Queue
ClockRate 2000000
Interface serial1
No ip address
Shutdown
NO ip classless
IP Route 0.0.0.0 0.0.0.0 Serial0
Access-list 1 permit 10.1.0 0.0.0.255
Line Con 0
LINE AUX 0
Line Vty 0 4
Password Cisco
end
3, multiplexing the environment where the dynamic address conversion is available:
The multiplex dynamic address conversion is first a dynamic address conversion, but it can allow multiple internal local addresses to share an internal legal address. This conversion is extremely useful to apply only to a small number of IP addresses but often more than the user's external network.
Note: When multiple users use an IP address, the external network uses uniquely identifying a computer by using the upper layer such as TCP or UDP port number through the router.
Dynamic address conversion configuration steps:
In the global setting mode, define an internal address pool
IP NAT POOL address pool name start IP address termination IP address subnet mask
Where address pool names can be set.
In global setting mode, define a standard Access-List rule to allow which internal local addresses can perform dynamic address conversion.
Access-List Number Permit Source Address Corner
The integer between 1-99 is 1-99.
In the global setting mode, the internal local address is set to establish multiplex dynamic address translations between internal legitimate IP addresses.
IP Nat Inside Source List Access List Number Pool Internal Legal Address Pool Name Overload
In the port setting, specify the internal port connected to the internal network
IP Nat INSIDE
In the port set state, specify the external port connected to the external network
IP Nat Outside
Example: Apply multiplexed dynamic NAT address conversion function. The ETH port of 2501 is used as the internal port, and the synchronous port 0 is used as the external port. 10.1.1.0 Network segment uses multiplex dynamic address translation. Suppose the company only applies for a legitimate IP address 192.1.1.1.
2501 configuration
CURRENT Configuration:
Version 11.3
No Service Password-Encryption
Hostname 2501
IP Nat Pool BBB 192.1.11 192.1.1.1 Netmask 255.255.255.0
IP Nat Inside Source List 1 Pool BBB overload
Interface Ethernet0
IP Address 10.1.1.1 255.255.255.0
IP Nat INSIDE
Interface serial0
IP Address 192.1.1.1 255.255.255.0
IP Nat Outside
NO ip mroute-cache
Bandwidth 2000
NO FAIR-Queue
ClockRate 2000000
Interface serial1
No ip address
Shutdown
NO ip classless
IP Route 0.0.0.0 0.0.0.0 Serial0
Access-list 1 permit 10.1.0 0.0.0.255
Line Con 0line Aux 0
Line Vty 0 4
Password Cisco
end
