If you don’t know NAT, you can’t be a good network engineer


1. Network Address Translation Technology Background

Because IPv4 addresses are in short supply, NAT technology came into being to slow the exhaustion of IPv4 address resources. IP addresses are divided into private addresses and public addresses. Private addresses do not require payment and can be designed and allocated by enterprise administrators. Public addresses must be applied for from the IANA address distribution agency and require payment. Users access internal enterprise resources with private addresses; only when internal enterprise users access Internet resources do they use public addresses. NAT is the technology that converts private addresses into public addresses. In other words, NAT allows private users to access the Internet by sharing one or more public IP addresses.

2. NAT Terminology

3. Types of NAT

(1) Static NAT (Static Network Address Translation): one-to-one address mapping

(2) Dynamic NAT (Dynamic Network Address Translation): many-to-many address mapping

(3) PAT (Port Address Translation): many-to-one address mapping

4. NAT configuration

Static NAT configuration:

    Router(config)#ip nat inside source static 11.1.1.1 12.1.1.1
    ! On the interface facing the private network:
    Router(config-if)#ip nat inside
    ! On the interface facing the public network:
    Router(config-if)#ip nat outside

Dynamic NAT configuration:

    Router(config)#ip nat pool xmws 12.1.1.10 12.1.1.100 netmask 255.255.255.0
    Router(config)#access-list 100 permit ip 11.1.1.0 0.0.0.255 any
    Router(config)#ip nat inside source list 100 pool xmws
    ! On the interface facing the private network:
    Router(config-if)#ip nat inside
    ! On the interface facing the public network:
    Router(config-if)#ip nat outside

PAT configuration:

    Router(config)#access-list 100 permit ip 11.1.1.0 0.0.0.255 any
    ! All private addresses are converted to the address of the public network interface.
    Router(config)#ip nat inside source list 100 interface serial 0/1/0 overload
    ! Alternative: deploy an address pool, so that all private addresses are
    ! converted to public addresses in the pool:
    ! Router(config)#ip nat inside source list 100 pool youhj overload
    ! On the interface facing the private network:
    Router(config-if)#ip nat inside
    ! On the interface facing the public network:
    Router(config-if)#ip nat outside

5. Static PAT publishes internal servers

Technical background: An enterprise's server resources are generally provided to internal employees. However, some enterprises need to provide internal service resources to external users, such as the enterprise portal website. Because the internal servers use private IP addresses, external network devices cannot obtain a path to reach them, so external users cannot access the enterprise's server resources. To solve this problem, static PAT is deployed to publish the enterprise's internal servers to the Internet for external users to access.

Configuration implementation:

    Router(config)#ip nat inside source static tcp 11.1.1.1 80 12.1.1.1 80
    ! On the interface facing the private network:
    Router(config-if)#ip nat inside
    ! On the interface facing the public network:
    Router(config-if)#ip nat outside

6. Check NAT configuration

(1) Is there an ACL that denies the corresponding data packets from entering the NAT router?

(2) Does the NAT command correctly specify the data packets to be translated?

(3) Are there enough addresses in the NAT pool?

(4) Are the ip nat inside and ip nat outside commands applied on the correct interfaces?

(5) View the corresponding NAT table: Router#show ip nat translations
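Checks (2) to (4) can also be run offline against a saved configuration, and the same pass can list every internal service published through static PAT. The script below is an added example, not part of the original article: audit_nat, the sample configuration and its interface names are constructed for illustration, and the parser only understands the command forms shown on this page.

```python
import ipaddress
import re

# Constructed sample: deliberately missing "ip nat outside", ACL 101 and pool youhj.
SAMPLE = """\
interface GigabitEthernet0/0
 ip address 11.1.1.254 255.255.255.0
 ip nat inside
interface Serial0/1/0
 ip address 12.1.1.2 255.255.255.0
access-list 100 permit ip 11.1.1.0 0.0.0.255 any
ip nat pool xmws 12.1.1.10 12.1.1.100 netmask 255.255.255.0
ip nat inside source list 100 pool xmws
ip nat inside source list 101 pool youhj overload
ip nat inside source static tcp 11.1.1.1 80 12.1.1.1 80
"""

def audit_nat(config):
    """Return (findings, pool_sizes, published_services) for an IOS-style config."""
    findings, roles, iface = [], {"inside": [], "outside": []}, None
    acls, pools, rules, published = set(), {}, [], []
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            iface = line.split()[1]                      # interface now being configured
        elif m := re.fullmatch(r"ip nat (inside|outside)", line):
            roles[m.group(1)].append(iface)              # check (4): NAT role per interface
        elif m := re.match(r"access-list (\d+) ", line):
            acls.add(m.group(1))
        elif m := re.match(r"ip nat pool (\S+) (\S+) (\S+) netmask", line):
            lo, hi = (int(ipaddress.IPv4Address(a)) for a in m.group(2, 3))
            pools[m.group(1)] = hi - lo + 1              # check (3): addresses in the pool
        elif m := re.match(r"ip nat inside source list (\S+) (?:pool (\S+)|interface \S+)", line):
            rules.append(m.groups())                     # (acl, pool or None)
        elif m := re.match(r"ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)", line):
            published.append(m.groups())                 # services exposed to the Internet
    for role, names in roles.items():
        if not names:
            findings.append(f"no interface marked 'ip nat {role}'")
    for acl, pool in rules:                              # check (2): references resolve
        if acl not in acls:
            findings.append(f"ACL {acl} referenced by NAT is not defined")
        if pool and pool not in pools:
            findings.append(f"pool {pool} referenced by NAT is not defined")
    return findings, pools, published

if __name__ == "__main__":
    print(*audit_nat(SAMPLE), sep="\n")
```

The published-services list is worth reviewing on its own: every entry is an internal host and port reachable from the Internet, so each one should correspond to a server that is meant to be exposed.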
