Dynamic NAT Experiment: Configuring and Verifying Dynamic Network Address Translation

【Purpose】

  1. Deploy dynamic NAT.
  2. Become familiar with how dynamic NAT is applied.
  3. Verify the configuration.

【Experimental Topology】

The experimental topology is shown in the figure.

[Figure: experimental topology]

The equipment parameters are shown in the table.

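Equipment parameter table

| Equipment | Interface | IP address     | Subnet mask   | Default gateway |
|-----------|-----------|----------------|---------------|-----------------|
| R1        | f0/0      | 192.168.10.1   | 255.255.255.0 | N/A             |
| R1        | S1/0      | 10.0.0.1       | 255.255.255.0 | N/A             |
| R2        | f0/0      | 172.16.0.1     | 255.255.255.0 | N/A             |
| R2        | S1/0      | 10.0.0.2       | 255.255.255.0 | N/A             |
| PC1       | e0        | 192.168.10.100 | 255.255.255.0 | 192.168.10.1    |
| PC2       | e0        | 172.16.0.100   | 255.255.255.0 | 172.16.0.1      |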

【Experimental content】

1. Basic configuration

R1:

R1#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#interface f0/0

R1(config-if)#ip address 192.168.10.1 255.255.255.0

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#interface s1/0

R1(config-if)#ip address 10.0.0.1 255.255.255.0

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#

R2:

R2#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R2(config)#interface f0/0

R2(config-if)#ip address 172.16.0.1 255.255.255.0

R2(config-if)#no shutdown

R2(config-if)#interface s1/0

R2(config-if)#ip address 10.0.0.2 255.255.255.0

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#

PC1:

PC1> ip 192.168.10.100/24 192.168.10.1

Checking for duplicate address...

PC1 : 192.168.10.100 255.255.255.0 gateway 192.168.10.1

PC2:

PC2> ip 172.16.0.100/24 172.16.0.1

Checking for duplicate address...

PC2 : 172.16.0.100 255.255.255.0 gateway 172.16.0.1

2. Configure basic routing

R1(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.2

//Configure the default route with next hop 10.0.0.2

3. Configure dynamic NAT

R1(config)#access-list 1 permit 192.168.10.0 0.0.0.255

//Create standard ACL 1, which permits the network segment 192.168.10.0/24 (the sources eligible for translation)

R1(config)#ip nat pool dnat 10.0.0.3 10.0.0.10 netmask 255.255.255.0

//Create a dynamic NAT address pool

R1(config)#ip nat inside source list 1 pool dnat

//Bind ACL 1 to the dynamic NAT address pool dnat

R1(config)#interface f0/0

R1(config-if)#ip nat inside

//Mark f0/0 as the NAT inside interface (dynamic NAT applies in the inbound direction)

R1(config-if)#interface s1/0

R1(config-if)#ip nat outside

//Mark s1/0 as the NAT outside interface (dynamic NAT applies in the outbound direction)
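The following Python model is an added example, not part of the original experiment or of Cisco's implementation. It shows how ACL 1's wildcard mask selects sources and how the 8-address pool dnat is consumed one address per inside host. The lowest-free-address allocation order and the host 192.168.20.5 are assumptions made for illustration.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_permits(src, network, wildcard):
    """Standard ACL match: bits set in the wildcard mask are ignored."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(src) & care) == (ip_int(network) & care)

class DynamicNat:
    """Simplified model of 'ip nat inside source list 1 pool dnat' (one-to-one, no overload)."""

    def __init__(self, acl_net, acl_wildcard, pool_start, pool_end):
        self.acl = (acl_net, acl_wildcard)
        self.free = [str(ipaddress.IPv4Address(a))
                     for a in range(ip_int(pool_start), ip_int(pool_end) + 1)]
        self.table = {}   # inside local -> inside global
        self.misses = 0   # failed allocations, like the pool "misses" counter

    def translate(self, inside_local):
        if not acl_permits(inside_local, *self.acl):
            return ("untranslated", inside_local)   # source not selected by the ACL
        if inside_local not in self.table:
            if not self.free:                       # every pool address is in use
                self.misses += 1
                return ("dropped", None)
            self.table[inside_local] = self.free.pop(0)  # assumption: lowest free address first
        return ("translated", self.table[inside_local])

    def expire(self, inside_local):
        """Timeout of a translation entry returns its address to the pool."""
        addr = self.table.pop(inside_local, None)
        if addr:
            self.free.append(addr)

def demo():
    nat = DynamicNat("192.168.10.0", "0.0.0.255", "10.0.0.3", "10.0.0.10")
    results = [nat.translate(f"192.168.10.{h}") for h in range(100, 109)]  # 9 hosts, 8 addresses
    results.append(nat.translate("192.168.20.5"))    # constructed host outside ACL 1
    nat.expire("192.168.10.100")
    results.append(nat.translate("192.168.10.108"))  # succeeds after an entry times out
    return results, nat.misses

if __name__ == "__main__":
    for r in demo()[0]:
        print(r)
```

The ninth inside host gets no translation until an existing entry expires, which is why pool size and the pool misses counter matter when sizing a dynamic NAT pool.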

4. View NAT information

(1) View NAT translation information

R1#show ip nat translations

Pro Inside global      Inside local       Outside local      Outside global

icmp 10.0.0.3:33017    192.168.10.100:33017 172.16.0.100:33017 172.16.0.100:33017

icmp 10.0.0.3:33273    192.168.10.100:33273 172.16.0.100:33273 172.16.0.100:33273

icmp 10.0.0.3:33529    192.168.10.100:33529 172.16.0.100:33529 172.16.0.100:33529

icmp 10.0.0.3:33785    192.168.10.100:33785 172.16.0.100:33785 172.16.0.100:33785

icmp 10.0.0.3:34041    192.168.10.100:34041 172.16.0.100:34041 172.16.0.100:34041

icmp 10.0.0.3:35833    192.168.10.100:35833 172.16.0.100:35833 172.16.0.100:35833

icmp 10.0.0.3:36089    192.168.10.100:36089 172.16.0.100:36089 172.16.0.100:36089

icmp 10.0.0.3:36345    192.168.10.100:36345 172.16.0.100:36345 172.16.0.100:36345

icmp 10.0.0.3:36601    192.168.10.100:36601 172.16.0.100:36601 172.16.0.100:36601

icmp 10.0.0.3:36857    192.168.10.100:36857 172.16.0.100:36857 172.16.0.100:36857

--- 10.0.0.3           192.168.10.100     ---                ---

//The above output shows the translation of ICMP traffic from 192.168.10.100 to 10.0.0.3

Run the show ip nat translations command to view NAT translation information. The command displays the following fields:

  1. Pro (protocol): the type of protocol being translated, such as icmp, tcp, or udp.
  2. Inside global: the translated global IP address and port number, that is, the address used in the external network.
  3. Inside local: the local IP address and port number in the internal network.
  4. Outside local: the local IP address and port number in the external network.
  5. Outside global: the global IP address and port number in the external network, indicating the destination address to be translated.

Based on the sample output provided above, you can see that there are multiple ICMP translations, each with a different source and destination address. Note that the specifics of the translations depend on the actual traffic you generate.

(2) View NAT translation statistics

Run the show ip nat statistics command to view NAT translation statistics. The command displays the following information:

  1. Total active translations: the total number of currently active translations, including static and dynamic translations.
  2. Peak translations: the highest number of translations ever reached and when that peak occurred.
  3. Outside interfaces: the list of outside interfaces to which NAT translation is applied.
  4. Inside interfaces: the list of inside interfaces to which NAT translation is applied.
  5. Hits: the number of data packets that have matched the NAT translation rules.
  6. Misses: the number of packets that did not match the NAT translation rules.
  7. CEF Translated packets: the number of packets translated using Cisco Express Forwarding (CEF).
  8. CEF Punted packets: the number of packets forwarded by CEF without NAT translation.
  9. Expired translations: the number of translations that have expired.
  10. Dynamic mappings: detailed information about dynamic NAT translations, including the applied ACLs and address pools.

In the output of this experiment, the total number of active translations is 1, the peak is 11, and both the inside and outside interfaces are listed. The number of hits is 20, the number of misses is 0, and the dynamic mapping information is displayed.

Note that the exact output may vary depending on your actual network traffic and configuration. The above describes the general case.

R1#show ip nat statistics

The fields of the NAT translation statistics output are explained one by one below:

Total active translations: 1 (0 static, 1 dynamic; 0 extended)

This field shows the total number of currently active translations. In this configuration there is 1 active translation in total, of which 0 are static, 1 is dynamic, and 0 are extended.

Peak translations: 11, occurred 00:03:31 ago

This field shows the highest number of translations reached and when that peak occurred. The number of NAT translations peaked at 11, and this peak occurred 00:03:31 ago.

Outside interfaces:

This field lists the outside interfaces to which NAT translation is applied. In this configuration there is only one outside interface, Serial1/0.

Inside interfaces:

This field lists the inside interfaces to which NAT translation is applied. In this configuration there is only one inside interface, FastEthernet0/0.

Hits: 20 Misses: 0

This field shows the number of data packets that have matched the NAT translation rules (Hits) and the number that have not (Misses). In this configuration there have been 20 hits and no misses.

CEF Translated packets: 20, CEF Punted packets: 0

This field shows the number of packets translated using Cisco Express Forwarding (CEF Translated packets) and the number of packets forwarded using CEF without NAT translation (CEF Punted packets). In this configuration, 20 packets were translated by CEF and none were punted.

Expired translations: 10

This field shows the number of translations that have expired. In this configuration, 10 translations have expired.

Dynamic mappings:

This field displays the details of dynamic NAT translation, including the applied ACL and address pool. In this configuration, ACL number 1 is applied to dynamic NAT and the address pool dnat is used. The start address of the pool is 10.0.0.3 and the end address is 10.0.0.10, so a total of 8 addresses are available.

The output of the command in this experiment:

Total active translations: 1 (0 static, 1 dynamic; 0 extended)

Peak translations: 11, occurred 00:03:31 ago

Outside interfaces:

  Serial1/0

Inside interfaces:

  FastEthernet0/0

Hits: 20  Misses: 0

CEF Translated packets: 20, CEF Punted packets: 0

Expired translations: 10

Dynamic mappings:

-- Inside Source

[Id: 1] access-list 1 pool dnat refcount 1

 pool dnat: netmask 255.255.255.0

        start 10.0.0.3 end 10.0.0.10

        type generic, total addresses 8, allocated 1 (12%), misses 0

Total doors: 0

Appl doors: 0

Normal doors: 0

Queued Pa
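The following Python parser is an added example, not part of the original experiment. It extracts the counters and pool usage from the show ip nat statistics output captured above, so that pool exhaustion can be monitored. The function names and the 80% threshold are assumptions chosen for illustration.

```python
import re

# Output of "show ip nat statistics" as captured on R1 in this experiment.
SAMPLE = """\
Total active translations: 1 (0 static, 1 dynamic; 0 extended)
Peak translations: 11, occurred 00:03:31 ago
Outside interfaces:
  Serial1/0
Inside interfaces:
  FastEthernet0/0
Hits: 20  Misses: 0
CEF Translated packets: 20, CEF Punted packets: 0
Expired translations: 10
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool dnat refcount 1
 pool dnat: netmask 255.255.255.0
        start 10.0.0.3 end 10.0.0.10
        type generic, total addresses 8, allocated 1 (12%), misses 0
"""

def parse_nat_statistics(text):
    """Extract the global counters and per-pool usage from the command output."""
    stats = {"pools": []}
    m = re.search(r"Total active translations: (\d+) \((\d+) static, (\d+) dynamic; (\d+) extended\)", text)
    if m:
        stats["active"], stats["static"], stats["dynamic"], stats["extended"] = map(int, m.groups())
    for key, pat in (("peak", r"Peak translations: (\d+)"), ("hits", r"Hits: (\d+)"),
                     ("misses", r"Misses: (\d+)"), ("expired", r"Expired translations: (\d+)")):
        m = re.search(pat, text)
        if m:
            stats[key] = int(m.group(1))
    pool_re = re.compile(
        r"pool (\S+): netmask \S+\s+start (\S+) end (\S+)\s+"
        r"type \w+, total addresses (\d+), allocated (\d+) \(\d+%\), misses (\d+)")
    for name, start, end, total, alloc, misses in pool_re.findall(text):
        stats["pools"].append({"name": name, "start": start, "end": end,
                               "total": int(total), "allocated": int(alloc), "misses": int(misses)})
    return stats

def pool_alerts(stats, threshold=0.8):
    """Flag pools that are nearly full or have already refused allocations."""
    alerts = []
    for p in stats["pools"]:
        if p["misses"] > 0:
            alerts.append(f"{p['name']}: {p['misses']} allocation failures (pool was exhausted)")
        elif p["allocated"] / p["total"] >= threshold:
            alerts.append(f"{p['name']}: {p['allocated']}/{p['total']} addresses in use")
    return alerts
```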

5. Connectivity test

Through this experiment, we have successfully configured and verified dynamic NAT. Dynamic NAT is an important network address translation technology that can help solve the problem of insufficient IP addresses and provide better network connectivity and security.

In the experiment, we first performed the basic configuration, including setting the interface IP addresses and routing of the devices. Then we configured dynamic NAT: we created an ACL, defined a dynamic NAT address pool, and applied dynamic NAT to the corresponding interfaces.

By viewing the NAT translation information and statistics, we can understand the state of NAT translation. The translation information shows how internal addresses are mapped to external addresses, while the statistics provide information on active translations, peak translations, hit and miss packets, and more. This information is very useful for monitoring and optimizing NAT configurations.

Through the connectivity test, we verified that dynamic NAT is working properly. PC1 and PC2 are able to successfully communicate with the external network through dynamic NAT.

In short, this experiment helped us become familiar with the configuration and application of dynamic NAT, and we monitored the operation of NAT by viewing the translation information and statistics. Mastering the knowledge and skills of dynamic NAT is crucial to the design and management of complex network environments, and helps to improve network performance and security.

Dynamic NAT is the invisible hero of the network, silently guiding the direction of data packets, making information flow more efficient and making the network world better.

Origin blog.csdn.net/m0_63624418/article/details/131166144