NAT configuration

Today I want to introduce an experiment: the basic configuration of NAT. I find it a lot of fun.

Before the experiment, one note on choosing a router: I initially chose the Router model, and although the configuration had no problems, the PC and the external network could not ping each other, which frustrated me for a long time.

It is best to use the AR2200 router for this experiment; it works without problems.

Enough talk, on to the experiment!

This is my experiment topology:

First, do the basic configuration according to the addressing table (omitted)

Once configured, test connectivity on the directly connected links.

It should be no problem.

Second, configure static NAT

First, configure a default route on R1 for access to the public network.

Because the internal network uses only private IP addresses, employees cannot access the public network directly. NAT therefore needs to be configured on the gateway router R1 to translate private addresses into public addresses.

Assign the public IP address 202.169.10.5 to PC1 for static NAT translation. On R1's G0/0/0 interface, use the nat static command to configure a one-to-one translation from the internal address to the external address.

After configuration, view the NAT static configuration information on R1 and test connectivity to the external network.

Capture packets to check whether the translation succeeded. Good.

We can see that the private address 172.16.1.1 has been translated to the public address 202.169.10.5. Next, use loopback 0 on R2 to simulate an external user accessing PC1, and capture on PC1's E0/0/1 interface.

As shown, it succeeded!

Third, configure NAT Outbound

Marketing department staff also need to access the public network. Use a public address pool, 202.169.10.50-202.169.10.60, for NAT.

Address pool: nat address-group 1 202.169.10.50 202.169.10.60

Create a basic ACL 2000, matching addresses 20.1.1.0 mask 24

On the G0/0/0 interface, use the nat outbound command to associate ACL 2001 with the address pool, so that the addresses specified in the ACL can use the NAT address pool.

Then view the NAT Outbound information:

Use PC2 to test connectivity to the external network, and capture packets on R1's G0/0/0 interface.

We see success! If you are interested, you can capture packets and look for yourself.

Fourth, configure NAT Easy-IP

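When the number of users is large, using an address pool inevitably wastes addresses; in that case the many-to-one Easy-IP translation method can meet employees' access needs.

Easy-IP is a form of NAPT. It directly borrows the router's egress interface IP address as the public address and maps different internal addresses to different port numbers on the same public address, achieving many-to-one translation. Here the E0/0/0 interface of R1 is the Easy-IP interface.

First delete the NAT Outbound configuration, then use the nat outbound command to configure the Easy-IP feature, directly using the interface IP address as the translated address.

Once configured, send packets from PC3 and PC2 to 202.169.20.1: set the destination IP and the UDP source and destination port numbers, then send.

Then view the detailed NAT Session information on R1.

Fifth, configure NAT Server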

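An internal company server provides an FTP service for external users. Configure NAT Server, publish the server under the public IP address 202.169.10.6, and then enable the NAT ALG function. For application-layer protocol messages encapsulated in IP packets, ordinary NAT translation causes errors; once NAT ALG is enabled for an application protocol, that protocol's packets are translated correctly, otherwise the protocol cannot work properly.

On R1's G0/0/0 interface, use the nat server command to define the internal server mapping table: specify TCP as the server protocol type, 202.169.10.6 as the public IP used by the server, 172.16.1.3 as the server's internal address, and port 21, which can be replaced directly by the keyword ftp.

View the NAT Server information:

Look, it worked!

Public network users can successfully log in to the private FTP server inside the company.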
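An added illustration (not from the original post, and not Huawei's implementation) of why the FTP service above needs NAT ALG: the server's passive-mode reply carries its private address inside the payload, which header-only NAT leaves untouched. The 227 reply, the port bytes and all function names are constructed for the example; only the two IP addresses come from the page.

```python
import re

# Addresses from the page's NAT Server mapping; port bytes below are constructed.
PUBLIC_IP, PRIVATE_IP = "202.169.10.6", "172.16.1.3"
PASV_RE = re.compile(r"^(227 [^(]*)\((\d{1,3}(?:,\d{1,3}){5})\)(.*)$")


def parse_hostport(field):
    """Decode FTP's h1,h2,h3,h4,p1,p2 form into (ip, port); None if out of range."""
    nums = [int(n) for n in field.split(",")]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def client_data_target(reply):
    """Where an FTP client will open its data connection after this 227 reply."""
    m = PASV_RE.match(reply.strip())
    return parse_hostport(m.group(2)) if m else None


class FtpAlg:
    """Toy model of the FTP ALG step on the NAT gateway (hypothetical class)."""

    def __init__(self, public_ip, private_ip):
        self.public_ip, self.private_ip = public_ip, private_ip
        self.pinholes = {}  # (public ip, port) -> (private ip, port)

    def translate_reply(self, reply):
        """Rewrite a server-to-client control line; return (new_line, length_delta)."""
        m = PASV_RE.match(reply.strip())
        target = parse_hostport(m.group(2)) if m else None
        # Only rewrite the mapped server's own address, so a reply cannot make
        # the gateway open a data-channel mapping to some other inside host.
        if target is None or target[0] != self.private_ip:
            return reply, 0
        ip, port = target
        self.pinholes[(self.public_ip, port)] = (ip, port)
        p1, p2 = divmod(port, 256)
        addr = self.public_ip.replace(".", ",")
        new = f"{m.group(1)}({addr},{p1},{p2}){m.group(3)}\r\n"
        # A real ALG must also shift TCP sequence numbers by this delta.
        return new, len(new) - len(reply)


# Constructed 227 reply as the inside server would send it.
SAMPLE = "227 Entering Passive Mode (172,16,1,3,195,80).\r\n"

if __name__ == "__main__":
    alg = FtpAlg(PUBLIC_IP, PRIVATE_IP)
    print("without ALG:", client_data_target(SAMPLE))
    print("with ALG:   ", client_data_target(alg.translate_reply(SAMPLE)[0]))
```

Without the ALG step the outside client is told to connect to 172.16.1.3, which it cannot route to, so the control login succeeds but directory listings and transfers hang.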


Origin www.cnblogs.com/li2019/p/12031273.html