Configure Static\Dynamic NAT

Purpose:

• Configure network address translation;

• Provides reliable external access to corporate shared servers.

1 The experimental topology is as follows:

The IP addresses of the three hosts are written in the topology above, and you can configure them yourself. For example, the IP of PC1 is 192.168.1.1. The 24 that follows it means that the subnet mask is 255.255.255.0; the mask is used to determine whether addresses belong to the same network segment. Hosts whose addresses fall in the same network under this mask are in one segment, such as PC1, PC2 and PC3 in this experiment.

For the gateway configuration, first understand what a gateway does. A gateway is essentially the IP address through which one network reaches other networks. Baidu Encyclopedia gives a plain explanation: assume two networks A and B are not in the same network segment, so they cannot communicate directly. If a host in network A finds that the destination host of a data packet is not in the local network, it forwards the packet to its own gateway, which forwards it to the gateway of network B, and the gateway of network B forwards it to the destination host in network B. This is how network A forwards packets to network B.

So the gateways of PC1, PC2 and PC3 are set to the IP of the port on the left end of AR3, which is set to 192.168.1.254 here.

2 Basic knowledge of dynamic NAT

Dynamic NAT means that when a private IP address of the internal network is translated into a public IP address, the pairing of addresses is not fixed: any private IP address authorized to access the Internet can be translated to any address in the specified set of legal public addresses. In other words, once you specify which internal addresses may be translated and which legal addresses are used as external addresses, dynamic translation can be performed.

3 Configuration of AR3

As shown in the figure above, we first set the IP addresses of both ends. The left end is the intranet; we set it to 192.168.1.254, which is also the gateway of the three PCs, with subnet mask 255.255.255.0. The right end belongs to the public network, and we set its address to 122.1.2.1.

Next, set the default route with the next-hop address 122.1.2.2, that is, the IP address of the port on the left side of AR4, which is set when configuring AR4.

Next is the configuration of dynamic NAT. We first need to define which IP addresses on the left side of the router may be translated; this is the ACL 2000 I configured, which permits the 192.168.1.0 LAN. Then, for the public side, an address group is established with the range 122.1.2.3 to 122.1.2.7. Then use nat outbound to bind the two together. NO-PAT means that no port translation is done, only IP address translation.
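The mechanism described above, as an added Python example that is not part of the original post or of the router's software: a toy model of an ACL-gated address pool without port translation, showing that with five pool addresses only five inside hosts can hold a mapping at once. The class name, the lowest-first allocation order and the sample hosts other than PC1 are assumptions made for illustration.

```python
import ipaddress


class NoPatNat:
    """Toy model of dynamic NAT without port translation (NO-PAT)."""

    def __init__(self, permit_net, pool_first, pool_last):
        self.permit = ipaddress.ip_network(permit_net)  # plays the role of ACL 2000
        first = int(ipaddress.ip_address(pool_first))
        last = int(ipaddress.ip_address(pool_last))
        # Free public addresses, handed out lowest first (order is an assumption).
        self.free = [ipaddress.ip_address(i) for i in range(first, last + 1)]
        self.table = {}  # private address -> public address, one-to-one

    def translate(self, src):
        """Return the public source address for src, or None if not translated."""
        src = ipaddress.ip_address(src)
        if src not in self.permit:
            return None                      # not matched by the ACL
        if src in self.table:
            return str(self.table[src])      # existing mapping is reused
        if not self.free:
            return None                      # pool exhausted: nothing left to lend
        self.table[src] = self.free.pop(0)
        return str(self.table[src])

    def release(self, src):
        """Mapping ages out: the public address goes back to the pool."""
        pub = self.table.pop(ipaddress.ip_address(src), None)
        if pub is not None:
            self.free.append(pub)
            self.free.sort()


def demo():
    nat = NoPatNat("192.168.1.0/24", "122.1.2.3", "122.1.2.7")
    results = {}
    # Constructed sample traffic: six inside hosts, then one outside the ACL.
    for host in ["192.168.1.1", "192.168.1.2", "192.168.1.3",
                 "192.168.1.4", "192.168.1.5", "192.168.1.6", "10.0.0.9"]:
        results[host] = nat.translate(host)
    nat.release("192.168.1.2")               # one mapping times out
    results["192.168.1.6 (retry)"] = nat.translate("192.168.1.6")
    return results


if __name__ == "__main__":
    for host, public in demo().items():
        print(f"{host:22} -> {public}")
```

The sixth inside host gets no translation until an earlier mapping is released, which is the sizing limit to keep in mind when choosing the address-group range for NO-PAT.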

Next, display the address group and the outbound binding with the commands display nat address-group and display nat outbound, as follows:

This shows that our configuration was completed correctly.

4 Configuration of AR4 on the external network

The configuration of AR4 is relatively simple: we only need to configure the IP address of the port, and then set the static route.

5 Start the test

In order to verify the success of our experiment, first use PC1 to ping PC3; the result is as follows:

It is relatively simple to ping the internal network. Next, let's try the external network. Try to ping 122.1.2.2:

It can be seen that the experiment was a complete success. 

Problems encountered:

Problem: When I try to ping the external network, the ping fails, and the result is as follows:

After searching for a long time, I couldn't find the reason. When I was about to give up and rebuild, I remembered that the teacher said that we can capture packets for analysis, so the results are as follows:

I found that 192.168.1.154 appeared here in the ARP protocol. Obviously, there is something wrong with the writing of my gateway here, so I opened the settings of the PC, as follows:

Sure enough, it was the gateway problem. I re-modified the gateway to 192.168.1.254, pinged again, and finally got the correct result:

The experiment is successfully completed!!!

When encountering a problem, calm down and slowly find the root cause of the problem.


Origin blog.csdn.net/weixin_53665577/article/details/128888755