Shulou(Shulou.com)06/03 Report--

Topological graph

Configure IP address as shown in the figure

PC7 IP 192.168.10.2/24

PC8 IP 192.168.10.1/24

1. Static NAT configuration Enter the public network port gi0/0/1 of border route R4: Interface gi0/0/1 Ip add 1.1.1.1 255.0.0.0 nat server global 1.1.1.3 inside 192.168.10.1 (map the internal network ip 192.168.10.1 to the external network ip 1.1.1.3, where the public network ip address cannot write this port IP address, there will be conflicts If you write gi0/0/1 ip 1.1.1.2 of R5, it will cause the whole network to be able to ping but not the gi0/0/1 1.1.1.2ping of R5, so it is recommended to write the IP address of the same network segment of the public network) ip route-static 0.0.0.0 0.0.0.0 1.1.1.2 (refers to a default route to the external network)

At this time, you can use PC8 ping server 2.2.2.1 PC8 ping 8, but PC7 is not available, because static NAT does not save IP addresses. A private network ip corresponds to an external network ip.

Bag grab test:

As can be seen from the packet capture diagram, PC8 ping 2.2.2.1 PC8 ping 8 is used, but the source ip of the ping packet is 1.1.1.3 bind 8, indicating that the network address of the ping packet has been translated into 1.1.1.3max 8 at the port out of the external network.

two。 Dynamic NAT configuration

Clear the previous command configuration, and the IP address is still configured as shown

R4: (the system attempts to go down)

Nat address-group 1 1.1.3 1.1.1.10 (establish a pool of translated addresses for public network segments)

Acl 2000

Rule 10 permit source 192.168.10.0 0.0.0.255 (establish rule 10 to allow source ip access to ip addresses within the 192.168.10.0 and24 network segment)

Interface gi 0/0/1

Ip add 1.1.1.1 255.0.0.0

Nat outbound 2000 address-group1 no-pat (the acl is associated with the address pool under the port, and the outbound traffic under the port allows the addresses allowed in the acl to be translated into random addresses in the address pool address-group1. No-pat means that reuse is not allowed, otherwise access to the public network will be confused.)

System attempt: Ip route-static 0.0.0.0 0.0.0.0 1.1.1.2

At this time, PC7 PC8 can access the public network.

Ping Test:

Grab packet analysis:

It can be seen that the source ip of the ICMP packet is a changing ping packet, and each packet is a different source ip address, but in essence, it is a private network ip address corresponding to a public network address, so the ip address cannot be saved.

3. PNAT configuration

PNAT is the repeated use of a public network address

Clear the previous configuration and keep the ip address plan unchanged

R4:

Acl 2000

Rule 10 permit source 192.168.10.0 0.0.0.255

Nat address-group 1 1.1.3 1.1.1.3 (don't forget)

Interface gi0/0/1

Nat outbound 2000 address-group 1 (here there is only one address in the address pool, so no no-pat is added, and the address pool is random)

Ip route-static 0.0.0.0 0.0.0.0 1.1.1.2

This is similar to the previous static. If the address pool is not set, the current port network address can be used directly.

Interface gi 0/0/1

Nat bound 2000

Ping Test:

Grab the bag:

It can be seen from the figure that the source ip address of the ping packet is 1.1.1.1Accord8 is the egress port ip address, which realizes that multiple private network ip addresses correspond to one public network ip address.

4. Static NAT port mapping

There is no need to clear the configuration of PNAT

Interface gi0/0/1

Nat static protocol tcp global current-interface 1212 inside 192.168.10.1 23

(map port 1212 of the current port ip to port 23 of 192.168.10.1, where you can write either the port number or telnet)

In this way, the public network can connect to pc8 (192.168.10.1) remotely, of course, if the connection is allowed remotely.

Here, change the pc8 to a router, change the name to PC8 and configure the interface ip address i192.168.10.1 to 24, and add the default route 0.0.0.0 0.0.0.0 192.168.10.254 (equivalent to gateway)

Use R5 to remotely access the router:

Telnet 1.1.1.1 1212

Access successful

The above are some simple applications of huawei to access the external network through nat, I hope it will be of some help to you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.