2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
NAT configuration ideas:
1. Configure the IP addresses of intranet and extranet devices
2. Configure default routes on gateway devices
ip route 0.0.0.0 0.0.0.0 100.1.1.4
3. Configure the network on the ISP side (RIP is enabled as the IGP in the intranet)
ISP:
router rip
version 2
no auto-summary
network 200.1.1.0
network 100.0.0.0
passive-interface gi1/0
R5:
router rip
version 2
no auto-summary
network 200.1.1.0
4. Configure NAT boundaries on gateway devices
interface fa0/0
ip nat inside
interface gi1/0
ip nat outside
5. Configure NAT translation entries
ip nat inside source static 192.168.10.1 100.1.1.3
6. Verify, test, save
show ip route
show ip nat translation
debug ip nat
PC-1:
ping 200.1.1.5
=
Static NAT:
In this type of NAT, the correspondence between the private address and the public address is 1:1, so no IP addresses are saved.
In one type of dynamic NAT, PNAT (port NAT):
The correspondence between the private addresses and the public address is N:1, which saves IP addresses.
The essence is:
Use different port numbers of the same public network IP address to correspond to different private hosts on the intranet.
Configuration ideas:
1. Determine the boundary of NAT
2. Determine the private address space that needs to be translated by NAT
Tool: an IP packet matching rule
Rule 1: match all packets in the private network with a source IP of 192.168.10.X
192.168.10.0 0.0.0.255 --> wildcard
// according to this rule, you can catch all packets with source IP address 192.168.10.X;
The tool is called an ACL (access control list):
Rules - match the traffic of interest
Actions - permit / deny
Events - what needs to be done with the "interesting traffic"
access-list 1 permit 192.168.10.0 0.0.0.255
3. Configure the corresponding NAT translation entry for the private addresses
GW(config)# ip nat inside source list 1 interface gi1/0
4. Verify, test, save
show ip nat statistics // view brief configuration information of NAT
show ip access-list // view the configured ACL
show ip nat translation // view the core worksheet of NAT, the NAT table
GW# debug ip nat
PC-1/2:
ping 200.1.1.5
=
On the border gateway, for traffic that is subject to NAT:
1. When the traffic goes from inside to outside, the routing table is checked first, then the NAT table;
2. When the traffic goes from outside to inside, the NAT table is checked first, then the routing table.
So we can initiate traffic from outside to inside, as long as we make sure there is a NAT entry on the border gateway.
Of course, this entry cannot be one triggered by private network traffic; it should be a permanent static NAT entry.
We call this configuration the advanced application of NAT.
Representative example 1:
Port mapping
GW(config)# ip nat inside source static tcp 192.168.10.1 23 100.1.1.3 12345 // the global port must be in the range 1-65535
Test:
1. Configure the remote access password of PC-1 first.
2. Secondly, configure the remote access password of GW.
3. Finally, test on R5:
telnet 100.1.1.3 12345
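The PAT behaviour, the ACL wildcard match and the outside-to-inside lookup described above can be traced with a small model. This is an added example, not code from the original page or from any router: the `Gateway` class, the sequential port allocation starting at 1024, the use of 100.1.1.3 as the single public address and the global port 12345 are all assumptions made for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """ACL wildcard test: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

class Gateway:
    """Simplified NAT table: PAT for ACL-matched sources plus static port maps."""
    def __init__(self, public_ip, acl, first_port=1024):
        self.public_ip, self.acl, self.next_port = public_ip, acl, first_port
        self.out = {}     # (inside ip, inside port) -> global port
        self.back = {}    # global port -> (inside ip, inside port)

    def static_tcp(self, inside_ip, inside_port, global_port):
        """Permanent entry, like 'ip nat inside source static tcp ...'."""
        self.out[(inside_ip, inside_port)] = global_port
        self.back[global_port] = (inside_ip, inside_port)

    def outbound(self, src_ip, src_port):
        """Inside -> outside: after routing, translate sources the ACL permits."""
        if not wildcard_match(src_ip, *self.acl):
            return None                      # not interesting traffic
        key = (src_ip, src_port)
        if key not in self.out:              # entry triggered by private traffic
            while self.next_port in self.back:
                self.next_port += 1
            self.out[key] = self.next_port
            self.back[self.next_port] = key
        return (self.public_ip, self.out[key])

    def inbound(self, dst_port):
        """Outside -> inside: NAT table first; without an entry nothing is forwarded."""
        return self.back.get(dst_port)

def demo():
    gw = Gateway("100.1.1.3", ("192.168.10.0", "0.0.0.255"))   # constructed values
    results = {
        "pc1": gw.outbound("192.168.10.1", 40000),
        "pc2": gw.outbound("192.168.10.2", 40000),    # same source port, new global port
        "other": gw.outbound("192.168.20.1", 40000),  # source outside the ACL
        "unsolicited": gw.inbound(12345),             # no entry yet
    }
    gw.static_tcp("192.168.10.1", 23, 12345)
    results["mapped"] = gw.inbound(12345)
    return results

if __name__ == "__main__":
    print(demo())
```

Real devices also key entries on protocol, global address and, for dynamic entries, the remote endpoint; the model keeps only what is needed to show why an unsolicited inbound connection needs a permanent entry.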
=
Huawei NAT (same category as Cisco)
Static NAT: private address and public address are 1:1, so no IP addresses are saved
Dynamic NAT: private addresses and public address are many:1, which saves IP addresses
- ordinary "dynamic NAT"
- PAT / PNAT / NAPT / port multiplexing
Static NAT configuration:
1. Start the NAT function
# enable it on any port
For example:
interface gi0/0/1
nat static enable --> start the static NAT function
2. Configure NAT translation entries (two configuration methods)
- It can be configured globally
nat static global 100.1.1.3 inside 192.168.10.1
- It can be configured under the interface (must be the outgoing port of the packet)
nat static global 100.1.1.3 inside 192.168.10.1
3. Verify, test, save
display nat static
terminal monitor
terminal debugging
debugging ip icmp
debugging nat all
Configuration of PNAT:
1. Define the traffic of interest
acl 2000
rule 5 permit source 192.168.10.0 0.0.0.255
2. Configure NAT on the egress port of the traffic
interface gi0/0/1
nat outbound 2000 --> for traffic sent out of this port and matched by ACL 2000, the source IP address is translated to the IP address of the interface
3. Verify, test, save
display nat outbound
Huawei port mapping:
interface g 0/0/0
nat server protocol tcp global current-interface 80 inside 192.168.1.1 80 // the external network accesses the intranet through TCP port 80
1. Prepare the environment
2. Enter the interface and determine in, out
3. Static NAT
Cisco:
ip nat inside source list 1 interface FastEthernet0/1 overload // PNAT / PAT / port multiplexing, dynamic NAT
ip nat inside source static tcp 192.168.1.1 23 200.1.1.3 6969 extendable // NAT advanced application: port mapping
ip nat inside source static 192.168.1.1 200.1.1.3
How to turn the router into a PC?
conf t
no ip routing // turn off the routing function
ip default-gateway address
If you do not do this, you need to configure routing entries to communicate with your gateway
= =
Huawei:
Static NAT
interface GigabitEthernet0/0/1
ip address 200.1.1.3 255.255.255.0
nat static global 200.1.1.5 inside 192.168.1.1 netmask 255.255.255.255 // give the public network address first (not the same as your external interface address), then enter the internal address
nat static enable // enable the service
Dynamic NAT
[Huawei] acl 2000 // create the ACL
rule 5 permit // create the rule
nat outbound 2000 // apply the ACL
NAT advanced application
nat server protocol tcp global 200.1.1.10 6969 inside 192.168.1.2 www // advanced application: port mapping
The internal network accesses the public network; the default route to the public network allows this.
Port mapping: when the public network accesses the internal network, port mapping must be used (if you don't do it, you can only access the border router, but not the intranet).
To translate the destination address, you must first turn on the NAT function.
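Every static entry and port mapping above is a permanent path from the public network to an inside host, so it is worth listing them when reviewing a gateway configuration. The following is an added example, not part of the original page: a small auditor for the four command forms shown here, run over a sample assembled from the page's own commands. The function names, the note wording and the choice of which inside ports count as cleartext are assumptions.

```python
import re

NAMED = {"www": 80, "telnet": 23, "ftp": 21}     # port keywords (assumed subset)
CLEARTEXT = {21: "ftp", 23: "telnet", 80: "http"}

PATTERNS = [  # (regex, group index of: global ip, global port, inside ip, inside port)
    (re.compile(r"ip nat inside source static (?:tcp|udp) (\S+) (\S+) (\S+) (\S+)", re.I), (3, 4, 1, 2)),
    (re.compile(r"ip nat inside source static (\d\S*) (\d\S*)", re.I), (2, None, 1, None)),
    (re.compile(r"nat server protocol (?:tcp|udp) global (\S+) (\S+) inside (\S+) (\S+)", re.I), (1, 2, 3, 4)),
    (re.compile(r"nat static global (\S+) inside (\S+)", re.I), (1, None, 2, None)),
]

def port(tok):
    return None if tok is None else NAMED.get(tok.lower()) or int(tok)

def exposures(config):
    """List every permanent entry that lets outside hosts open connections inward."""
    found = []
    for raw in config.splitlines():
        line = raw.split("//")[0].strip()          # drop the page's // annotations
        for rx, (gi, gp, ii, ip_) in PATTERNS:
            m = rx.search(line)
            if not m:
                continue
            pick = lambda idx: m.group(idx) if idx else None
            in_port = port(pick(ip_))
            if in_port is None:
                note = "1:1 static: every port of the inside host is reachable"
            elif in_port in CLEARTEXT:
                note = f"cleartext {CLEARTEXT[in_port]} reachable from outside"
            else:
                note = "inbound port mapping"
            found.append((pick(gi), port(pick(gp)), pick(ii), in_port, note))
            break
    return found

# Sample assembled from commands that appear on this page (Cisco and Huawei mixed).
SAMPLE = """ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.1.1 23 200.1.1.3 6969 extendable
ip nat inside source static 192.168.1.1 200.1.1.3
nat static global 200.1.1.5 inside 192.168.1.1 netmask 255.255.255.255
nat outbound 2000
nat server protocol tcp global 200.1.1.10 6969 inside 192.168.1.2 www
nat server protocol tcp global current-interface 80 inside 192.168.1.1 80"""

if __name__ == "__main__":
    for e in exposures(SAMPLE):
        print(e)
```

The PAT lines (`overload`, `nat outbound`) are not reported, because their entries exist only after inside traffic creates them.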