First, the difference between private and public IP addresses in IPv4
1. Public IP address: globally unique, can communicate on the Internet, and must be paid for
2. Private IP address: locally unique, cannot communicate on the Internet, and does not need to be paid for
Private IP address ranges:
Class A: 10.0.0.0/8
Class B: 172.16.0.0/16 -- 172.31.0.0/16
Class C: 192.168.0.0/24 -- 192.168.255.0/24
Second, NAT (network address translation)
The border router converts between public and private IP addresses: when traffic leaves the internal network for the external network, the source IP address is modified; when traffic enters the internal network from the external network, the destination IP address is modified.
Third, NAT classification
PC5 network segment: 1.1.1.0/24
Note: all NAT configuration is done on the border router.
1. One-to-many:
Simple NAT converts multiple private addresses into the same public IP address. When multiple private IP addresses are translated to one public IP address at the same time, the translated packets all have the same source IP and MAC address, so they can only be distinguished and identified by their different source port numbers. This is why one-to-many is also known as PAT (port address translation).
First use an ACL to match the private IP addresses that may be translated (define the traffic of interest):
[r7]acl 2000
[r7-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[r7-acl-basic-2000]
Then apply the ACL on the interface that has the public IP address:
[r7]interface g0/0/2
[r7-GigabitEthernet0/0/2]nat outbound 2000
2. Many-to-many
With one-to-many, at most 65535 data packets can be forwarded at a single point in time, because one IP address has only 65535 port numbers. In a large network with heavy intranet traffic, multiple public IP addresses are therefore used simultaneously to keep communication real-time.
Private IP address range:
[r7]acl 2001
[r7-acl-basic-2001]rule permit source 192.168.0.0 0.0.255.255
[r7-acl-basic-2001]qu
Public IP address range, 12.1.1.3 to 12.1.1.10:
[r7]nat address-group 1 12.1.1.3 12.1.1.10
External network interface:
[r7]int g0/0/2
[r7-GigabitEthernet0/0/2]nat outbound 2001 address-group 1
[r7-GigabitEthernet0/0/2]nat outbound 2001 address-group 1 no-pat
Remember: whether no-pat is added at the end of the command makes a big difference.
Without no-pat, the translation is dynamic many-to-many: all traffic is translated in rotation onto the 65535 ports of all the public IP addresses.
With no-pat, the translation is static many-to-many: the private IP addresses that send traffic first form fixed one-to-one bindings with the public IP addresses, and traffic from addresses that come later is not translated to a public IP address.
3. One-to-one
Static NAT binds one public IP address to one private IP address. Here the public IP address 12.1.1.3 is bound to the private IP address 192.168.1.10:
[r7-GigabitEthernet0/0/2]nat server global 12.1.1.3 inside 192.168.1.10
4. Port mapping
Bind a specific port of a public IP address to a specific port of a private IP address:
[r7-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 80 inside 192.168.1.10 80
Warning:The port 80 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
[r7-GigabitEthernet0/0/2]
With the above configuration, when an outside host accesses the IP address of R7's g0/0/2 interface with destination port 80, the destination is translated to port 80 of 192.168.1.10.
[r7-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 8888 inside 192.168.1.20 80
With the above configuration, when an outside host accesses the IP address of R7's g0/0/2 interface with destination port 8888, the destination is translated to port 80 of 192.168.1.20.
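The one-to-many (PAT) translation and the port mappings described above, modelled as a small Python simulation. This is an added example, not the router's implementation and not code from the original page. The class name Napt, the interface address 12.1.1.1 and the starting port 1024 are assumptions, and inbound lookups are keyed on the public port only.

```python
import ipaddress

class Napt:
    """Toy model of the border router: PAT outbound plus 'nat server' port mappings."""

    def __init__(self, public_ip, acl_net, acl_wildcard, first_port=1024):
        self.public_ip = public_ip
        self.net = int(ipaddress.IPv4Address(acl_net))
        self.wild = int(ipaddress.IPv4Address(acl_wildcard))
        self.next_port = first_port   # assumed start of the dynamic port range
        self.out = {}                 # (proto, private ip, private port) -> public port
        self.back = {}                # (proto, public port) -> (private ip, private port)
        self.servers = {}             # static mappings: (proto, global port) -> inside

    def acl_permits(self, ip):
        # Wildcard mask: 0 bits must match the rule, 1 bits are ignored.
        addr = int(ipaddress.IPv4Address(ip))
        return (addr | self.wild) == (self.net | self.wild)

    def add_server(self, proto, global_port, inside_ip, inside_port):
        self.servers[(proto, global_port)] = (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port):
        """Rewrite the source of an outgoing flow; None means 'not translated'."""
        if not self.acl_permits(src_ip):
            return None
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = self.next_port
            while (proto, port) in self.back or (proto, port) in self.servers:
                port += 1             # skip ports that are already in use
            if port > 65535:
                raise RuntimeError("no free port left on this public IP")
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
            self.next_port = port + 1
        return (self.public_ip, self.out[key])

    def inbound(self, proto, dst_port):
        """Rewrite the destination of an incoming packet; None means 'dropped'."""
        k = (proto, dst_port)
        return self.servers.get(k) or self.back.get(k)

if __name__ == "__main__":
    r7 = Napt("12.1.1.1", "192.168.0.0", "0.0.255.255")   # constructed interface address
    r7.add_server("tcp", 80, "192.168.1.10", 80)
    r7.add_server("tcp", 8888, "192.168.1.20", 80)
    print(r7.outbound("tcp", "192.168.1.10", 5000))       # same private port ...
    print(r7.outbound("tcp", "192.168.2.20", 5000))       # ... different public port
    print(r7.inbound("tcp", 8888), r7.inbound("tcp", 2222))
```

In this model an unsolicited inbound packet reaches an internal host only through a nat server entry, so each port mapping is a service exposed to the external network.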