"Necessary for Network Engineers" HCIA Experimental Configuration Exercise-Dynamic Address Translation

1. Introduction to dynamic address translation function:

Hosts in the enterprise can use private IP addresses to communicate with each other on the internal network, but cannot communicate with external networks. With dynamic NAT configured, the device replaces the private IP address of a host that needs to access the external network with a public IP address and records the mapping. When the return message arrives at the device, the public IP address is replaced with the private IP address in the reverse direction, and the message is then forwarded to the host. This allows internal network users to communicate with the external network.


2. Application scenarios of dynamic address translation:

The internal host uses the internal IP address to access the external host

3. Dynamic address translation experiment configuration:

1. Topology diagram

2. Experimental purpose:

As shown in the topology diagram, the private network users in Zones A and B of a company are connected to the Internet. The public network address of interface GE0/0/0 on the router is 2.2.2.1/24, and the address of the operator on the opposite end is 2.2.2.2/24. Users in Zone A want to use NAT to replace the host addresses in Zone A (network segment 192.168.1.0/24) with addresses from the public network address pool (2.2.2.100~2.2.2.200) to access the Internet. Users in Zone B want to replace the host addresses in Zone B (network segment 192.168.2.0/24) with addresses from the public network address pool (2.2.2.80~2.2.2.83) to access the Internet.

3. Configuration ideas:

1) Basic ip address configuration

2) Configure the default route

3) Configure ACL on R1 to match the intranet traffic that needs to be NATed

4) Configure NAT outbound

4. Configuration process:

Step 1: Modify the default name of the network device and configure the IP address

1) On router AR1, perform the basic interface configuration and change the device name

<Huawei>sys //Enter system view mode

Enter system view, return user view with Ctrl+Z.

[Huawei]sysname AR1 //Modify the default name of the device

[AR1]int g0/0/0 //Enter interface mode

[AR1-GigabitEthernet0/0/0]ip add 2.2.2.1 24 //Configure the router interface address

[AR1-GigabitEthernet0/0/0]int g0/0/1

[AR1-GigabitEthernet0/0/1]ip add 192.168.1.1 24

[AR1-GigabitEthernet0/0/1]int g0/0/2

[AR1-GigabitEthernet0/0/2]ip add 192.168.2.1 24

2) On router AR2, perform the basic interface configuration and change the device name

<Huawei>sys

Enter system view, return user view with Ctrl+Z.

[Huawei]sysname AR2

[AR2]int g0/0/0

[AR2-GigabitEthernet0/0/0]ip add 2.2.2.2 24

[AR2-GigabitEthernet0/0/0]int g0/0/1

[AR2-GigabitEthernet0/0/1]ip add 3.3.3.1 24


Step 2: Configure the default route on AR1 and specify the next hop address as 2.2.2.2

[AR1]ip route-static 0.0.0.0 0.0.0.0 2.2.2.2

Step 3: Configure NAT Outbound on AR1

[AR1]nat address-group 1 2.2.2.100 2.2.2.200 //Configure the address pool

Note: 1. An address pool is a collection of consecutive IP addresses. When an internal data message passes through address translation on its way to the external network, its source address is replaced with an address from the address pool.

2. The start address of the address pool must be less than or equal to the end address, and the number of addresses between the start address and the end address cannot be greater than 255.

[AR1]nat address-group 2 2.2.2.80 2.2.2.83

[AR1]acl 2000

[AR1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255

[AR1-acl-basic-2000]q

[AR1]acl 2001

[AR1-acl-basic-2001]rule permit source 192.168.2.0 0.0.0.255

[AR1-acl-basic-2001]q

[AR1]int g0/0/0

[AR1-GigabitEthernet0/0/0]nat outbound 2000 address-group 1 no-pat

[AR1-GigabitEthernet0/0/0]nat outbound 2001 address-group 2

Note: no-pat means one-to-one address translation, which translates only the address of the data message and does not translate the port information.
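
The following is an added example, not part of the original post and not Huawei VRP code: a simplified Python model of the two nat outbound rules above, showing the ACL wildcard match, the one-to-one no-pat mapping for Zone A (including what happens when the 101-address pool runs out), and the address-plus-port mapping for Zone B. The class and function names, the starting port 1024, and the use of only the first pool address for the port-translated case are assumptions made for illustration.

```python
import ipaddress

def acl_match(src, network, wildcard):
    """Basic-ACL style match: wildcard bits set to 1 are ignored."""
    s, n, w = (int(ipaddress.IPv4Address(x)) for x in (src, network, wildcard))
    return (s & ~w & 0xFFFFFFFF) == (n & ~w & 0xFFFFFFFF)

class NatPool:
    """Simplified model (assumption) of one nat outbound rule with its address group."""
    def __init__(self, start, end, acl_net, acl_wild, no_pat):
        lo, hi = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
        # Pool constraints stated in the note above: start <= end, at most 255 addresses.
        if lo > hi or hi - lo + 1 > 255:
            raise ValueError("invalid address pool")
        self.free = [str(ipaddress.IPv4Address(a)) for a in range(lo, hi + 1)]
        self.acl, self.no_pat = (acl_net, acl_wild), no_pat
        self.out = {}           # private side -> public side
        self.back = {}          # public side -> private side, for return messages
        self.next_port = 1024   # assumed first translated port for the PAT case

    def translate(self, src_ip, src_port):
        if not acl_match(src_ip, *self.acl):
            return None                     # ACL does not select this source for NAT
        key = src_ip if self.no_pat else (src_ip, src_port)
        if key not in self.out:
            if self.no_pat:
                if not self.free:
                    return None             # pool exhausted: no mapping can be created
                self.out[key] = self.free.pop(0)
                self.back[self.out[key]] = src_ip
            else:
                pub = (self.free[0], self.next_port)
                self.next_port += 1
                self.out[key], self.back[pub] = pub, key
        if self.no_pat:
            return (self.out[key], src_port)    # address replaced, port unchanged
        return self.out[key]

    def reverse(self, dst_ip, dst_port):
        if self.no_pat:
            priv = self.back.get(dst_ip)
            return (priv, dst_port) if priv else None
        return self.back.get((dst_ip, dst_port))

# Values taken from the experiment: ACL 2000 + group 1 (no-pat), ACL 2001 + group 2.
zone_a = NatPool("2.2.2.100", "2.2.2.200", "192.168.1.0", "0.0.0.255", no_pat=True)
zone_b = NatPool("2.2.2.80", "2.2.2.83", "192.168.2.0", "0.0.0.255", no_pat=False)
```

In this model the Zone A pool serves at most 101 hosts at once, while Zone B hosts share one public address and are told apart by port.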

4. Configuration result verification:

1. Execute the display nat outbound command on AR1 to view the address translation result

2. Verify that the intranet can access the Internet


As shown in the figure, when a host in Zone A accesses the Internet, it uses an IP address from address pool 1 for translation.


This completes the dynamic NAT address translation experiment.



Origin blog.51cto.com/15039035/2597306