SoFunction
Updated on 2025-04-09

Introduction and examples of router NAT function configuration

Introduction to router NAT function configuration

With the rapid growth of the Internet, the shortage of IP addresses has become a very prominent problem, and several solutions have emerged. The following describes one that is relatively effective in the current network environment: the network address translation (NAT) function.

1. Introduction to NAT

NAT (Network Address Translation) lets a network use IP addresses of its own choosing internally, without applying for them. Inside the network, computers communicate using their internal IP addresses. When an internal computer wants to communicate with the external Internet, the NAT device (such as a router) converts its internal IP address into a legal IP address (that is, an IP address that was applied for) for the communication.

2. NAT application environment:

Case 1: An enterprise does not want external network users to know its internal network structure. It can isolate the internal network from the external Internet through NAT, so external users do not learn the internal IP addresses that sit behind NAT.

Case 2: A company has applied for very few legal Internet IP addresses but has many internal network users. Through NAT, multiple users can share one legal IP address to communicate with the external Internet at the same time.

3. Router hardware and software configuration required for NAT:

A router configured for NAT must have at least one internal port (Inside) and one external port (Outside). Network users connected to the internal port use internal IP addresses.

The internal port can be any router port. The external port connects to an external network, such as the Internet. The external port can be any port on the router.

The router's IOS must support the NAT function (the router used in these examples is a Cisco 2501, whose IOS must be version 11.2 or above to support NAT).

4. Several concepts about NAT:

Inside local address: The internal IP address assigned to computers in the internal network.

Inside global address: The address that represents one or more inside local addresses when communicating over IP with the outside world. It is a legal IP address that must be applied for (referred to below as the internal legal address).

5. NAT settings:

NAT settings can be divided into static address conversion, dynamic address conversion, and multiplexed dynamic address conversion.

1. The environment suitable for static address conversion

Static address translation maps internal local addresses to internal legal addresses one-to-one, and you must specify which legal address each local address is converted to. If the internal network has servers, such as e-mail or FTP servers, that provide services to external users, the IP addresses of these servers must be translated statically so that external users can use these services.

Basic configuration steps for static address conversion:

(1) Establish static address conversion between the internal local address and the internal legal address. In the global settings state, enter:

 ip nat inside source static <internal local address> <internal legal address>

(2) Specify the internal port connecting to the internal network. In the port setting state, enter:

 ip nat inside

(3) Specify the external port connecting to the external network. In the port setting state, enter:

 ip nat outside

Note: Multiple internal ports and multiple external ports can be defined according to actual needs.

Example 1:

This example implements static NAT address translation. The Ethernet port of the 2501 is the internal port and synchronous serial port 0 is the external port. The internal local addresses 10.1.1.2, 10.1.1.3, and 10.1.1.4 use static address conversion and correspond to the internal legal addresses 192.1.1.2, 192.1.1.3, and 192.1.1.4, respectively.

Configuration of router 2501:

Current configuration:

version 11.3
no service password-encryption
hostname 2501

ip nat inside source static 10.1.1.2 192.1.1.2
ip nat inside source static 10.1.1.3 192.1.1.3
ip nat inside source static 10.1.1.4 192.1.1.4

interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside

interface Serial0
 ip address 192.1.1.1 255.255.255.0
 ip nat outside
 no ip mroute-cache
 bandwidth 2000
 no fair-queue
 clockrate 2000000

interface Serial1
 no ip address
 shutdown

no ip classless
ip route 0.0.0.0 0.0.0.0 Serial0

line con 0
line aux 0
line vty 0 4
 password cisco

end

After the configuration is complete, use the following commands to view it:

show ip nat statistics

show ip nat translations
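
An added example, not part of the original article: a small Python audit that reads the NAT-relevant lines of a configuration like Example 1, lists the inside hosts that the static entries make reachable from outside, and flags entries that are not on a directly connected inside subnet. The sample configuration is constructed (the 10.2.2.9 entry is deliberately wrong), the function name is hypothetical, and inside hosts are assumed to be directly attached to an inside interface.

```python
import ipaddress

# Constructed sample: NAT-relevant lines in the style of Example 1, with one
# deliberately wrong static entry (10.2.2.9) so the audit has a finding.
SAMPLE_CONFIG = """\
ip nat inside source static 10.1.1.2 192.1.1.2
ip nat inside source static 10.1.1.3 192.1.1.3
ip nat inside source static 10.2.2.9 192.1.1.9
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
interface Serial0
 ip address 192.1.1.1 255.255.255.0
 ip nat outside
"""

def audit_static_nat(config_text):
    """Return (static_map, findings); static_map is inside local -> inside global."""
    static_map, nets, roles, findings = {}, {}, {}, []
    iface = None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "interface":
            iface = words[1]
        elif words[:5] == ["ip", "nat", "inside", "source", "static"]:
            static_map[words[5]] = words[6]   # host exposed to the outside
        elif iface and words[:2] == ["ip", "address"]:
            nets[iface] = ipaddress.ip_network(f"{words[2]}/{words[3]}", strict=False)
        elif iface and words[:2] == ["ip", "nat"] and len(words) == 3:
            roles[iface] = words[2]           # "inside" or "outside"
    for role in ("inside", "outside"):
        if role not in roles.values():
            findings.append(f"no interface marked 'ip nat {role}'")
    inside = [nets[i] for i, r in roles.items() if r == "inside" and i in nets]
    for local in static_map:
        if not any(ipaddress.ip_address(local) in net for net in inside):
            findings.append(f"static entry {local} is not on a directly connected inside subnet")
    return static_map, findings
```

The keys of the returned map are the hosts that the static entries expose to external users, which is the list to compare against the servers that are actually meant to be published.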

2. Applicable environment for dynamic address conversion:

Dynamic address translation is also a one-to-one conversion between internal local addresses and internal legal addresses, but it dynamically selects an unused address from the internal legal address pool to translate the internal local address.

Basic configuration steps for dynamic address conversion:

(1) In global settings mode, define the internal legal address pool:

 ip nat pool <address pool name> <start IP address> <end IP address> netmask <subnet mask>

The address pool name can be set arbitrarily.

(2) In global settings mode, define a standard access-list rule that specifies which internal addresses may be dynamically converted:

 access-list <label> permit <source address> <wildcard>

The label is an integer between 1 and 99.

(3) In global settings mode, associate the internal local addresses specified by the access-list with the specified internal legal address pool for conversion:

 ip nat inside source list <access list label> pool <legal address pool name>

(4) In the port setting state, specify the internal port connected to the internal network:

 ip nat inside

(5) In the port setting state, specify the external port connected to the external network:

 ip nat outside

Example 2:

In this example, the hardware configuration is the same as above, and the dynamic NAT address translation function is used. The Ethernet port of the 2501 is the internal port and synchronous serial port 0 is the external port. The 10.1.1.0 network segment uses dynamic address conversion, and the corresponding internal legal addresses are 192.1.1.2 to 192.1.1.10.

Current configuration:

version 11.3
no service password-encryption
hostname 2501

ip nat pool aaa 192.1.1.2 192.1.1.10 netmask 255.255.255.0
ip nat inside source list 1 pool aaa

interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside

interface Serial0
 ip address 192.1.1.1 255.255.255.0
 ip nat outside
 no ip mroute-cache
 bandwidth 2000
 no fair-queue
 clockrate 2000000

interface Serial1
 no ip address
 shutdown

no ip classless
ip route 0.0.0.0 0.0.0.0 Serial0

access-list 1 permit 10.1.1.0 0.0.0.255

line con 0
line aux 0
line vty 0 4
 password cisco

end
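
An added example, not from the original article: a Python model of Example 2 that applies the wildcard match of access-list 1 and hands out addresses from pool aaa, showing that the nine-address pool leaves a tenth simultaneous host without a translation. The class and function names are hypothetical, and lowest-address-first allocation is an assumption of the model.

```python
import ipaddress

def acl_permits(addr, base, wildcard):
    """Standard ACL match: bits set in the wildcard mask are 'don't care'."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wildcard))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)

class DynamicNat:
    """One-to-one dynamic translation from a finite inside-global pool."""

    def __init__(self, pool_start, pool_end, acl_base, acl_wildcard):
        first, last = (int(ipaddress.ip_address(x)) for x in (pool_start, pool_end))
        # Assumption: addresses are handed out lowest first.
        self.free = [str(ipaddress.ip_address(n)) for n in range(first, last + 1)]
        self.acl = (acl_base, acl_wildcard)
        self.table = {}                      # inside local -> inside global

    def translate(self, inside_local):
        """Return the inside global address, or None if none can be assigned."""
        if not acl_permits(inside_local, *self.acl):
            return None                      # not matched by the access list
        if inside_local not in self.table:
            if not self.free:
                return None                  # pool exhausted
            self.table[inside_local] = self.free.pop(0)
        return self.table[inside_local]

    def release(self, inside_local):
        """Expire a translation and return its address to the pool."""
        self.free.append(self.table.pop(inside_local))

def demo_dynamic_pool():
    # Values taken from Example 2: pool aaa and access-list 1.
    nat = DynamicNat("192.1.1.2", "192.1.1.10", "10.1.1.0", "0.0.0.255")
    results = [nat.translate(f"10.1.1.{h}") for h in range(2, 12)]  # ten hosts
    outsider = nat.translate("10.1.2.5")     # not permitted by access-list 1
    return nat, results, outsider
```

The untranslated tenth host is the situation that the multiplexed (overload) form in the next section addresses.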

3. Applicable environment for multiplexing dynamic address translation:

Multiplexing dynamic address translation is first of all a dynamic address translation, but it allows multiple internal local addresses to share one internal legal address. This conversion is extremely useful when a user has applied for only a small number of IP addresses but often has more users than legal addresses going out to the external network at the same time.

Note: When multiple users use one IP address at the same time, upper-layer information such as TCP or UDP port numbers is used to uniquely identify each computer through the router.

Multiplexing dynamic address translation configuration steps:

(1) In global settings mode, define the internal legal address pool:

 ip nat pool <address pool name> <start IP address> <end IP address> netmask <subnet mask>

The address pool name can be set arbitrarily.

(2) In global settings mode, define a standard access-list rule that specifies which internal local addresses may be dynamically translated:

 access-list <label> permit <source address> <wildcard>

The label is an integer between 1 and 99.

(3) In global settings mode, set up multiplexed dynamic address conversion between the internal local addresses and the internal legal IP address:

 ip nat inside source list <access list label> pool <internal legal address pool name> overload

(4) In the port setting state, specify the internal port connected to the internal network:

 ip nat inside

(5) In the port setting state, specify the external port connected to the external network:

 ip nat outside

Example 3:

This example applies the multiplexed dynamic NAT address translation function. The Ethernet port of the 2501 is the internal port and synchronous serial port 0 is the external port. The 10.1.1.0 network segment uses multiplexed dynamic address conversion. Suppose the company has applied for only one legal IP address, 192.1.1.1.

Configuration of router 2501:

Current configuration:

version 11.3
no service password-encryption
hostname 2501

ip nat pool bbb 192.1.1.1 192.1.1.1 netmask 255.255.255.0
ip nat inside source list 1 pool bbb overload

interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside

interface Serial0
 ip address 192.1.1.1 255.255.255.0
 ip nat outside
 no ip mroute-cache
 bandwidth 2000
 no fair-queue
 clockrate 2000000

interface Serial1
 no ip address
 shutdown

no ip classless
ip route 0.0.0.0 0.0.0.0 Serial0

access-list 1 permit 10.1.1.0 0.0.0.255

line con 0
line aux 0
line vty 0 4
 password cisco

end
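
An added example, not from the original article: a Python model of the overload translation table for the configuration above, showing how TCP and UDP port numbers keep flows from different inside hosts apart on the single address 192.1.1.1, and that an inbound packet with no table entry maps to no inside host. Names are hypothetical. Keeping the original source port when it is free and otherwise taking the first free port from 1024 are assumptions of the model, which also leaves out the outside destination that a real translation entry records.

```python
class OverloadNat:
    """Port address translation: many inside locals share one inside global."""

    def __init__(self, inside_global, first_port=1024, last_port=65535):
        self.inside_global = inside_global
        self.port_range = range(first_port, last_port + 1)
        self.out = {}    # (proto, local_ip, local_port) -> global_port
        self.back = {}   # (proto, global_port) -> (local_ip, local_port)

    def _pick_port(self, proto, wanted):
        # Assumption of this model: keep the source port if it is unused,
        # otherwise take the first free port in the range.
        if (proto, wanted) not in self.back:
            return wanted
        for port in self.port_range:
            if (proto, port) not in self.back:
                return port
        raise RuntimeError("no free ports left on " + self.inside_global)

    def outbound(self, proto, local_ip, local_port):
        """Translate an inside-to-outside flow to (global_ip, global_port)."""
        key = (proto, local_ip, local_port)
        if key not in self.out:
            port = self._pick_port(proto, local_port)
            self.out[key] = port
            self.back[(proto, port)] = (local_ip, local_port)
        return self.inside_global, self.out[key]

    def inbound(self, proto, global_port):
        """Map a reply to its inside host; None means no entry exists."""
        return self.back.get((proto, global_port))

def demo_overload():
    nat = OverloadNat("192.1.1.1")              # the single address in pool bbb
    a = nat.outbound("tcp", "10.1.1.2", 1500)
    b = nat.outbound("tcp", "10.1.1.3", 1500)   # same port, different host
    c = nat.outbound("udp", "10.1.1.3", 1500)   # UDP ports are a separate space
    return a, b, c, nat.inbound("tcp", b[1]), nat.inbound("tcp", 8080)
```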

Article entry: admin     Editor: admin