27 February 2010

NAT Commands - Summary

■ Inside local address: Most likely a private address.

■ Inside global address: A valid public address that the inside host is given when it exits the NAT router.

■ Outside global address: A reachable IP address assigned to a host on the Internet.

■ Outside local address: The local IP address assigned to a host on the outside network. In most situations, this address is identical to the outside global address of that outside device.


Configuring Static NAT

Static NAT is a one-to-one mapping between an inside address and an outside address. Static NAT allows connections initiated by external devices to inside devices. For instance, you might want to map an inside global address to a specific inside local address that is assigned to your web server. The steps and syntax to configure static NAT are as follows:


Step 1
Configure the static translation of an inside local address to an inside global address:

Router(config)# ip nat inside source static local-ip global-ip

Step 2

Specify the inside interface:

Router(config)# interface type number
Router(config-if)# ip nat inside
 

Step 3
Specify the outside interface:

Router(config)# interface type number
Router(config-if)# ip nat outside

Example:

R1(config)# ip nat inside source static 192.168.10.10 209.10.10.1
R1(config)# interface serial0/0/0
R1(config-if)# ip nat inside
R1(config-if)# interface serial 0/1/0
R1(config-if)# ip nat outside


Configuring Dynamic NAT

Dynamic NAT maps private IP addresses to public addresses drawn from a NAT pool. The steps and syntax to configure dynamic NAT are as follows:


Step 1
Define a pool of global addresses to be allocated:

Router(config)# ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}

Step 2
Define a standard access list permitting those addresses that are to be translated:

Router(config)# access-list access-list-number permit source wildmask

Step 3
Bind the pool of addresses to the access list:

Router(config)# ip nat inside source list access-list-number pool name

Step 4
Specify the inside interface:

Router(config)# interface type number
Router(config-if)# ip nat inside

Step 5
Specify the outside interface:

Router(config)# interface type number
Router(config-if)# ip nat outside

Example:

R2(config)# ip nat pool NET 201.10.10.1 201.10.10.30 netmask 255.255.255.224
R2(config)# access-list 1 permit 192.168.0.0 0.0.255.255
R2(config)# ip nat inside source list 1 pool NET
R2(config)# interface serial 0/0/0
R2(config-if)# ip nat inside
R2(config-if)# interface serial 0/1/0
R2(config-if)# ip nat outside


Configuring NAT Overload

Commonly with home networks and small to medium-sized businesses, the ISP assigns only one registered IP address to your router. Therefore, it is necessary to overload that one IP address so that multiple inside clients can use it simultaneously.

Example:

R1(config)# access-list 1 permit 192.168.0.0 0.0.255.255
R1(config)# ip nat inside source list 1 interface serial 0/1/0 overload
R1(config)# interface serial 0/0/0
R1(config-if)# ip nat inside
R1(config-if)# interface serial 0/1/0
R1(config-if)# ip nat outside

Verifying NAT

# show ip nat translations
# show ip nat statistics
# clear ip nat translation *
# debug ip packet
# debug ip nat
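
The show commands above inspect live translations. As an added example (not part of the original post, and not a Cisco tool), the Python sketch below reviews a saved configuration offline: it lists every static mapping, since those accept connections initiated from outside, flags a dynamic pool smaller than the range its access list permits when overload is not set, and reports a missing inside or outside interface. The function name audit_nat and the combined sample config are assumptions built from this page's examples.

```python
import ipaddress
import re

# Constructed sample: the static and dynamic NAT examples from this page in one config.
SAMPLE_CONFIG = """\
ip nat inside source static 192.168.10.10 209.10.10.1
ip nat pool NET 201.10.10.1 201.10.10.30 netmask 255.255.255.224
access-list 1 permit 192.168.0.0 0.0.255.255
ip nat inside source list 1 pool NET
interface serial 0/0/0
 ip nat inside
interface serial 0/1/0
 ip nat outside
"""

def audit_nat(config):
    """Return (kind, detail) findings for the NAT statements in an IOS config (hypothetical helper)."""
    findings, pools, acls = [], {}, {}
    lines = [l.strip() for l in config.splitlines()]
    for line in lines:
        if m := re.match(r"ip nat inside source static (\S+) (\S+)$", line):
            # Static NAT accepts outside-initiated connections: list each exposed host.
            findings.append(("static-exposure", f"{m[1]} reachable as {m[2]}"))
        elif m := re.match(r"ip nat pool (\S+) (\S+) (\S+)", line):
            lo, hi = (int(ipaddress.IPv4Address(a)) for a in (m[2], m[3]))
            pools[m[1]] = hi - lo + 1  # number of global addresses in the pool
        elif m := re.match(r"access-list (\d+) permit (\S+) (\S+)$", line):
            # Wildcard mask has host bits set, so mask + 1 = addresses (contiguous masks only).
            acls[m[1]] = acls.get(m[1], 0) + int(ipaddress.IPv4Address(m[3])) + 1
    for line in lines:
        m = re.match(r"ip nat inside source list (\d+) pool (\S+)( overload)?$", line)
        # Without overload each inside host consumes one pool address.
        if m and not m[3] and acls.get(m[1], 0) > pools.get(m[2], 0):
            detail = f"ACL {m[1]} permits {acls[m[1]]} addresses, pool {m[2]} has {pools[m[2]]}"
            findings.append(("pool-exhaustion", detail))
    for role in ("inside", "outside"):
        if f"ip nat {role}" not in lines:
            findings.append(("missing-interface", f"no interface marked ip nat {role}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit_nat(SAMPLE_CONFIG):
        print(f"{kind}: {detail}")
```

Static entries that forward a single port (the protocol and port form of the command) are not parsed by this sketch.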

biOos
