Shulou(Shulou.com)06/02 Report--

The intranet on the left and the extranet on the right

Purpose of the experiment: to realize the connectivity of the external network from the left to the right.

Configure the basic information of each machine first

Interface g0/0

No shutdown

Ip add 192.168.1.254 255.255.255.0

Exit

Interface g0/1

No shutdown

Ip add 100.1.1.1 255.255.255.0

Exit

Enter the external network (× × region)

Interface g0/0

No shutdown

Ip add 100.1.1.2 255.255.255.0

Exit

Interface g0/1

No shutdown

Ip add 200.1.1.254 255.255.255.0

Then configure a default route to the intranet to ensure that it is smooth from the intranet to the extranet.

Ip route 0.0.0.0 0.0.0.0 100.1.1.2

# # #

Next, distinguish the internal and external network ports for the intranet router.

Inter g0/0

Ip nat inside

Exit

Inter g0/1

Ip nat outside

Second, translate the address

Enter the intranet border router

Input: ip nat inside source static 192.168.1.1 100.1.1.1

Verify:

Show ip nat translation

Ping x.x.x.x

Summary: the above is the configuration of "static NAT":

1. Determine the boundaries of the network: intranet and extranet

Interface gi0/0 / / defines the port as a private network link

Ip nat inside

Interface gi0/1 / / defines the port as a public network link

Ip nat outside

2. Configure address translation entries

Ip nat inside source static 192.168.1.1 100.1.1.1

3. Verification and testing

Show ip nat translation / / View NAT conversion table

Ping x.x.x.x

Debug ip nat / / View the address translation process of a packet

Ordinary dynamic nat

-configure PAT (special dynamic nat):

1. Determine the boundaries of the network: intranet and extranet

Interface gi0/0

Ip nat inside

Interface gi0/1

Ip nat outside

2. Determine the traffic of interest

Access-list 1 permit host 192.168.1.2

Or

Access-list 1 permit 192.168.1.0 0.0.0.255

3. Configure the translation entry

Ip nat inside source list 1 interface gi0/1

4. Verification and testing

Summary: the underlined part is set above the intranet boundary router.

Application of NAT: Port Mapping

Understanding: remote access to intranet devices from the outside, such as remotely managing corporate network devices at home. When setting up, the useless static NAT can work, as follows:

Configuration:

1. Configure the IP address and default gateway of the switch (only one). Here, the switch is treated as a PC.

Interface vlan 1

No shutdown

Ip address 192.168.1.3 255.255.255.0

Exit

Ip default-gateway 192.168.1.254

2. Configure the "static NAT" entry on the border device

Ip nat inside source static tcp 192.168.1.3 23

100.1.1.1 2000 TCP and UDP must have ports

3. Verification and testing

Show ip nat translation

PC-3:

Telnet 100.1.1.1 2000

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.