
4. Security and NAT Policy-2

2025-01-28 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

2. NAT

2.1 Types of NAT

Source NAT: for internal users to access the Internet.

Destination NAT: servers in private networks provide services to public networks.

2.2 Types of source NAT

Static IP: one-to-one fixed translation (bi-directional NAT: source translation outbound, destination translation inbound). The source IP changes, the source port remains the same (10.0.0.1:1025 -> 202.100.1.1:1025).

Dynamic IP: source IP one-to-one dynamic translation, port unchanged.

Dynamic IP/Port (DIPP): multiple clients use the same public IP, but the source port is different (10.0.0.1:1025 -> 10.0.0.1:11025). The translated address can be either the interface address or a specified IP.

2.3 DIPP NAT Oversubscription

The same IP/Port mapping can be used for multiple concurrent sessions, as long as the hosts connect to different destinations. In other words, when different internal hosts are NATed on their way to different resources on the public network, they can be mapped to the same port of the same IP.

Set up

[Device]-[Setup]-[Session]-[Session Settings]
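The oversubscription rule from 2.3, as an added example that is not part of the original article and is not PAN-OS code: a simplified allocator that reuses a translated IP/port only toward a destination it does not already serve. `DippPool`, the `rate` parameter and the two-port pool are assumptions for illustration; 202.100.1.10 and 10.1.2.0/24 are taken from the labs, and the destination addresses are constructed.

```python
# Added example: simplified model of DIPP allocation with oversubscription.
# Not PAN-OS code; DippPool, its port range and `rate` are assumed names.
from itertools import product


class DippPool:
    def __init__(self, public_ips, ports, rate=1):
        self.slots = list(product(public_ips, ports))  # translated (ip, port)
        self.rate = rate      # max concurrent sessions per translated pair
        self.in_use = {}      # slot -> set of (proto, dst) served from it
        self.sessions = {}    # (proto, dst, slot) -> inside (ip, port)

    def translate(self, src, dst, proto="tcp"):
        """Pick a translated (ip, port) for a new session src -> dst."""
        for slot in self.slots:
            dsts = self.in_use.setdefault(slot, set())
            # A slot is reused only toward a destination it does not already
            # serve; otherwise replies could not be mapped to one session.
            if len(dsts) < self.rate and (proto, dst) not in dsts:
                dsts.add((proto, dst))
                self.sessions[(proto, dst, slot)] = src
                return slot
        raise RuntimeError("DIPP pool exhausted")

    def reverse(self, dst, slot, proto="tcp"):
        """Map a reply from dst to a translated slot back to the inside host."""
        return self.sessions[(proto, dst, slot)]


def demo(rate=2):
    # 202.100.1.10 and 10.1.2.0/24 come from the labs; the destinations and
    # the two-port pool are constructed sample values.
    pool = DippPool(["202.100.1.10"], range(11025, 11027), rate)
    web, api = ("198.51.100.7", 80), ("203.0.113.9", 443)
    a = pool.translate(("10.1.2.1", 1025), web)
    b = pool.translate(("10.1.2.2", 1025), web)   # same destination: new port
    c = pool.translate(("10.1.2.3", 1025), api)   # other destination: shares a's port
    return pool, a, b, c, web, api


if __name__ == "__main__":
    pool, a, b, c, web, api = demo()
    print(a, b, c, pool.reverse(api, c))
```

For log correlation this means a translated IP and port alone no longer identify one inside host; the destination address and port are needed as well.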

2.4 LAB 6 Static IP translation

Experimental purpose: through this experiment, learn the configuration of static NAT.

Experimental requirements: DMZ Win2012 (192.168.1.200) to Outside is translated to Win2012_NAT (202.100.1.200).

The process of the experiment:

Create a tag (you can classify IP through TAG)

[Object]-[Tags]

Create Object

[Object]-[Addresses]

Create a NAT policy

[Policy]-[NAT]

Note: when Bi-directional is checked, bi-directional NAT is enabled. When users access 200.1.100.200 from outside, it is automatically translated to 192.168.1.200 in the DMZ. Cisco defaults to two-way NAT.

Create a security policy:

DMZ---- > Outside

Outside--- > DMZ

Note: because the security policy check comes before the NAT policy is applied, the destination address in this rule is the pre-translation address.

Experimental conclusion:

When Win2012 accesses the outside network, view the NAT traffic through Monitor. When DMZ Win2012 is accessed from the outside network, view the NAT traffic through Monitor.

2.5 LAB7 Dynamic IP translation

Experimental purpose: through this experiment, learn the configuration of dynamic NAT.

Experimental requirements: when PC1 in the inside-1 zone goes to the Internet, its address is translated to 202.100.1.120-202.100.1.130.

Experimental process:

Create Object

Create a NAT policy

Description: here we choose none

Experimental conclusion:

2.6 LAB8 DIPP

Experimental purpose: through this experiment, learn the PA DIPP configuration.

Experimental requirements: when 10.1.2.0/24 of inside-1 goes to outside, it is translated to the IP of PA1 interface E0P2 (outside).

Experimental process:

Create Object

Create NAT

Experimental conclusion:

2.7 LAB9 Destination NAT configuration

Experimental purpose: through this experiment, learn the PA DNAT configuration.

Experimental requirements: when accessing the TCP/2323 port of the PA1 external interface IP (202.100.1.10), it is translated to the TCP/23 port of R1 (10.1.1.1).

The process of the experiment:

Create Object

[objects]-[Addresses]

[objects]-[Services]

Create a DNAT policy

Create a security policy

Experimental results: the test was conducted from GatewayRouter TELNET 202.100.1.10 2323.
