NAT -- Network Address Translation
I. Overview
- NAT (Network Address Translation) is used when hosts in a private network have already been assigned local IP addresses (private addresses valid only inside that network) but need to communicate with hosts on the Internet.
- NAT software must be installed on the router that connects the private network (private IP addresses) to the Internet (public IP addresses). A router running NAT software is called a NAT router, and it has at least one valid external global IP address. When any host using a local address communicates with the outside world, the NAT router must translate its local address into a global IP address before the traffic can reach the Internet.
- In addition, using a small number of global (public) IP addresses to represent a larger number of private IP addresses helps slow the depletion of the available IP address space.
II. Role of NAT
Convert internal (private) addresses to external (public) addresses
III. NAT use cases
1. There are not enough public IPs to connect to the internet
2. Re-addressing is required when changing the ISP
3. Merge two internal networks with overlapping address spaces
4. Use a single IP address to support basic load sharing
IV. Advantages of NAT
1. Saves the public network IP address
2. Can handle the overlapping of addressing schemes
3. No need to re-address when the network changes
4. Hides the real IP address
V. Examples
1. Static NAT (one internal network address to one public network address)
1.1 Topology diagram
1.2 PC1, PC2 configuration
1.3 Enterprise egress router configuration
1.4 Operator (carrier) router configuration
1.5 After configuration, the operator can ping 200.1.1.1
1.6 The enterprise egress router can ping 192.168.1.1 and 192.168.1.2
1.7 Then enable static NAT on port g0/0/1 of the enterprise egress router
1.8 View the resulting address mappings
2. Dynamic NAT
2.1 Reuse the topology diagram above
2.2 After the address pool is configured, PC1 and PC2 can ping the operator's address successfully
3. NATPT (port mapping)
3.1 Topology diagram
3.2 Configure the addresses and gateways of Server1 and Client1
3.3 Configure the address on the operator router; after the address is configured, Client1 can ping 202.1.1.2
3.4 Configure a default route on the enterprise egress router. After the default route is in place, Client1 can ping 202.1.1.2
3.5 Configure port mapping for Server1 on port g0/0/1 of the enterprise egress router, and check whether it can be reached
4. Easy IP (multiple intranet addresses to one interface)
4.1 Continue with the topology above; first undo the port mapping
4.2 Configure Easy IP directly
4.3 Check whether PC1 and PC2 can ping through
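The four modes above differ in which translation entries the egress router keeps, and therefore in which inside hosts an outside host can reach unsolicited. The following Python model is an added example, not the router configuration from the original page; the `NatRouter` class and its method names are hypothetical, and the 203.0.113.x addresses and port numbers are constructed sample values.

```python
import itertools

# Toy model of the egress router's NAT table. 192.168.1.1/.2 are the page's inside
# hosts; the 203.0.113.x addresses and all ports are constructed sample values.
class NatRouter:
    def __init__(self, interface_ip, pool=None):
        self.interface_ip = interface_ip          # public IP of the outside interface
        self.pool = list(pool) if pool is not None else None  # None selects Easy IP
        self.one_to_one = {}                      # inside IP -> public IP (static or leased)
        self.sessions = {}                        # (public IP, port) -> (inside IP, port)
        self.flows = {}                           # reverse index of self.sessions
        self._next_port = itertools.count(10000)

    def add_static(self, inside_ip, public_ip):
        self.one_to_one[inside_ip] = public_ip

    def add_port_mapping(self, public_port, inside_ip, inside_port):
        # Permanent entry: outside hosts may open connections to this one service.
        self.sessions[(self.interface_ip, public_port)] = (inside_ip, inside_port)

    def outbound(self, inside_ip, inside_port):
        """Translate an outgoing source address; None means the packet is dropped."""
        if inside_ip in self.one_to_one:
            return self.one_to_one[inside_ip], inside_port
        if self.pool is not None:                 # dynamic NAT: one pool address per host
            if not self.pool:
                return None                       # pool exhausted
            self.one_to_one[inside_ip] = self.pool.pop(0)
            return self.one_to_one[inside_ip], inside_port
        flow = (inside_ip, inside_port)           # Easy IP: share the interface address
        if flow not in self.flows:
            port = next(p for p in self._next_port if (self.interface_ip, p) not in self.sessions)
            self.flows[flow] = (self.interface_ip, port)
            self.sessions[self.flows[flow]] = flow
        return self.flows[flow]

    def inbound(self, public_ip, public_port):
        """Return the inside (IP, port) an incoming packet reaches, or None if dropped."""
        if (public_ip, public_port) in self.sessions:
            return self.sessions[(public_ip, public_port)]
        for inside_ip, mapped in self.one_to_one.items():
            if mapped == public_ip:
                return inside_ip, public_port     # one-to-one exposes every port
        return None                               # no entry: unsolicited traffic is dropped

if __name__ == "__main__":
    easy = NatRouter("203.0.113.1")
    print(easy.outbound("192.168.1.1", 5000), easy.outbound("192.168.1.2", 5000))
    print(easy.inbound("203.0.113.1", 80))        # None until a port mapping exists
```

In this model a static or pool-leased address forwards every inbound port to the inside host, while Easy IP and port mapping admit only the ports that have an entry, which is the difference to check when reviewing which services a NAT configuration exposes.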
VI. Summary
A default route must be configured on the egress router