
ICND Part 2 Chap 7

ADDRESS SPACE MANAGEMENT


SCALING THE NETWORK: NAT AND PAT

Conserving addresses
NAT - Network Address Translation
PAT - Port Address Translation

static - dynamic - overloading


Address Space Management RFC 1918

PC 98.10.10.5 ------------ Internet ------- ROUTER ------------- PC 192.168.50.50

IP PACKET                   |   IP PACKET
DST 98.10.10.5              |   DST 98.10.10.5:80
SRC 220.16.16.5:12002       |   SRC 192.168.50.50:12002

NAT TABLE
PUBLIC            Private
220.16.16.5       192.168.50.50

IP is either local or global
Local - inside network
Global - outside network

private inside
outside outside

PORT ADDRESS TRANSLATION

PC 10.6.1.2 (SA 10.6.1.2:2031) ---+
                                  +--- PAT ROUTER --- INTERNET    SA 171.69.68.10:2031
PC 10.6.1.6 (SA 10.6.1.6:1506) ---+                               SA 171.69.68.10:1506

NAT TABLE
INSIDE LOCAL       INSIDE GLOBAL
10.6.1.2:2031      171.69.68.10:2031
10.6.1.6:1506      171.69.68.10:1506
10.6.1.6:131       171.69.68.10:2032

TRANSLATING INSIDE SOURCE ADDRESSES

Inside (local network - private)                      Outside (the Internet - public)

Inside local               NAT ROUTER                       Outside local
PC                  Inside global | Outside global          Web Server
IP 10.1.1.1                                                 IP 5.5.5.6
Mask 255.0.0.0                                              Mask 255.255.255.0
GW 10.10.10.10

                    Int en0             | Int S0
                    ip add 10.10.10.10  | ip add 11.11.11.254
                    mask 255.0.0.0      | mask 255.255.255.128

CONFIGURING AND VERIFYING STATIC TRANSLATION

(config)# ip nat inside source static local-ip global-ip

static
(config)# interface type port
(config-if)# ip nat inside
(config)# interface type port
(config-if)# ip nat outside
# show ip nat translations

remove - (config)# no ip nat inside source

ENABLE STATIC NAT ADDRESS MAPPING EXAMPLE

PC ------------------ E0 (ROUTER) S0 ------------------ INTERNET
10.1.1.2              10.1.1.1    192.168.1.1
                      |_10.1.1.2  |_192.168.1.2

interface S0
 ip address 192.168.1.1 255.255.255.0
 ip nat outside
interface e0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
ip nat inside source static 10.1.1.2 192.168.1.2

show ip nat translations
Pro   Inside global    Inside local    Outside local    Outside global
---   192.168.1.2      10.1.1.2        ---              ---

ENABLE DYNAMIC NAT ADDRESS MAPPING EXAMPLE

(config)# ip nat pool name start-ip end-ip
    defines a pool of global addresses to be allocated as needed
    (no ip nat pool to remove)
(config)# access-list access-list-number permit source
    defines a standard ACL permitting those inside local addresses to be translated
(config)# ip nat inside source list access-list-number pool name
    establishes dynamic source translation using the ACL
# show ip nat translations
    displays active translations

ip nat pool net-208 172.19.233.209 172.19.233.222 netmask 255.255.255.240
ip nat inside source list 1 pool net-208
interface serial 0
 ip address 172.19.232.182 255.255.255.0
 ip nat outside
interface ethernet 0
 ip address 192.168.1.94 255.255.255.0
 ip nat inside
access-list 1 permit 192.168.1.0 0.0.0.255

Host A 192.168.1.100 ---+                                          +--- (Router) Host C 10.1.1.1
                        +--- E0 (ROUTER) S0 -----------------------+
Host B 192.168.1.101 ---+    192.168.1.94   172.19.232.182         +--- (Router) Host D 172.16.1.1

# show ip nat translations
Inside global      Inside local      Outside local    Outside global
172.19.233.209     192.168.1.100
172.19.233.210     192.168.1.101

OVERLOADING INSIDE GLOBAL ADDRESSES

(config)# access-list access-list-number permit source source-wildcard
    defines an ACL to permit the inside IP addresses
(config)# ip nat inside source list access-list-number interface interface overload
    establishes dynamic source translation, specifying the ACL
# show ip nat translations

PC 192.168.3.7  --- SWITCH --- 192.168.3.1 E0 ---+
                                                 +--- (ROUTER) S0 172.17.38.1 ------------------- INTERNET
PC 192.168.4.12 --- SWITCH --- 192.168.4.1 E1 ---+

interface Ethernet0
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
interface Ethernet1
 ip address 192.168.4.1 255.255.255.0
 ip nat inside
interface Serial0
 description To ISP
 ip address 172.17.38.1 255.255.255.0
 ip nat outside
ip nat inside source list 1 interface Serial0 overload
ip route 0.0.0.0 0.0.0.0 Serial0
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255

Pro   Inside global       Inside local         Outside local    Outside global
TCP   172.17.38.1:1050    192.168.3.7:1050     10.1.1.1:23      10.1.1.1:23
TCP   172.17.38.1:1776    192.168.4.12:1776    10.2.2.2:25      10.2.2.2:25

See page 7-18 @ clear ip nat translation *
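
PAT STATE MODEL (ADDED EXAMPLE)

The following Python sketch is an added example, not part of the original notes and not IOS code. It models the translation table built by the overload configuration above, using the Serial0 address and the two flows from the show output. The PatTable class, the port-selection policy (keep the source port if free, otherwise the lowest free port from 1024 up), the third flow and the 10.9.9.9 host are assumptions made for illustration. It shows why a reply matches an entry while unsolicited inbound traffic does not.

```python
# Added example: toy model of PAT ("overload") state, not IOS behaviour.
INSIDE_GLOBAL = "172.17.38.1"  # Serial0 address from the configuration above


class PatTable:
    def __init__(self, global_ip=INSIDE_GLOBAL):
        self.global_ip = global_ip
        self.by_port = {}  # (proto, global_port) -> (inside_local, outside)
        self.by_flow = {}  # (proto, inside_local, outside) -> global_port

    def outbound(self, proto, inside_local, outside):
        """Translate an inside source (ip, port), creating the entry if new."""
        flow = (proto, inside_local, outside)
        if flow in self.by_flow:
            return (self.global_ip, self.by_flow[flow])
        # Assumed policy: keep the source port if free, else lowest free >= 1024.
        candidates = [inside_local[1], *range(1024, 65536)]
        port = next((p for p in candidates if (proto, p) not in self.by_port), None)
        if port is None:
            raise RuntimeError("PAT port space exhausted")
        self.by_port[(proto, port)] = (inside_local, outside)
        self.by_flow[flow] = port
        return (self.global_ip, port)

    def inbound(self, proto, outside, global_port):
        """Return the inside local (ip, port) for a reply, or None to drop."""
        entry = self.by_port.get((proto, global_port))
        if entry is None or entry[1] != outside:
            return None  # no matching translation: unsolicited traffic
        return entry[0]


def demo():
    nat = PatTable()
    a = nat.outbound("tcp", ("192.168.3.7", 1050), ("10.1.1.1", 23))
    b = nat.outbound("tcp", ("192.168.4.12", 1776), ("10.2.2.2", 25))
    # Constructed third flow: reuses source port 1050, so it must be remapped.
    c = nat.outbound("tcp", ("192.168.4.12", 1050), ("10.1.1.1", 23))
    reply = nat.inbound("tcp", ("10.1.1.1", 23), 1050)
    stray = nat.inbound("tcp", ("10.9.9.9", 80), 1776)  # constructed outside host
    return a, b, c, reply, stray


if __name__ == "__main__":
    for row in demo():
        print(row)
```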
