Network Access Control-Network Address Translation

Network Access Control-Network Address Translation

With the development of the Internet and the increase in network applications, the exhaustion of IPv4 addresses has become a bottleneck restricting network development. Although IPv6 can fundamentally solve the problem of insufficient IPv4 address space, many network devices and network applications are still based on IPv4. Therefore, before the widespread use of IPv6, the use of some transitional technologies is the main technical means to solve this problem.

Network address translation technology NAT (Network address Translation) is mainly used to enable hosts in the internal network to access the external network. When a host in a local area network needs to access the external network, its private network address can be converted into a public network address through NAT technology, and multiple private network users can share one public network address, which can ensure network interoperability and save public network addresses.

1. Application scenarios and types

1. NAT application scenarios

NAT Application Scenarios

The network used by enterprises or families is a private network that uses private addresses; the network maintained by operators is a public network that uses public addresses. Private addresses cannot be routed in the public network. NAT is generally deployed on gateway devices connecting to the intranet or the extranet.

2. Static NAT

Static NAT

  • Static NAT implements a one-to-one mapping between private and public addresses.
  • A public IP address is only assigned to a unique and fixed intranet host.

3. Dynamic NAT

Dynamic NAT

Dynamic NAT implements the conversion between private and public addresses based on the address pool.

4. NAPT

NAPT

Network Address Port Translation (NAPT) allows multiple internal addresses to be mapped to different ports of the same public address.

5. Easy IP

Easy IP

Easy IP allows multiple internal addresses to be mapped to different ports on the gateway's outbound interface address.

6. NAT Server

NAT Server

By configuring a NAT server, external users can access internal servers.

2. Basic Configuration

1. Static NAT configuration

On RTA:

  1. Interface gigabitethernet0/0/1  
  2. IP address 192.168.1.254 24  
  3. Interface gserial 1/0/0  
  4. IP address 200.10.10.2 24  
  5. Nat static global 202.10.10.1 inside 192.168.1.1  
  6. Nat static global 202.10.10.2 inside 192.168.1.2

2. Dynamic NAT configuration

On RTA:

  1. Nat address-group 1 200.10.10.1 200.10.10.2
  2. Acl 2000
  3. Rule 5 permit source 192.168.1.0 0.0.0.255
  4. Quit
  5. Interface serial 1/0/0
  6. Nat outbound 2000 address-group 1 no-pat

3. Easy ip configuration

On RTA:

  1. Acl 2000  
  2. Rule 5 permit source 192.168.1.0 0.0.0.255  
  3. Quit  
  4. Interface serial 1/0/0  
  5. Nat outbound 2000

4. NAT server configuration

On RTA:

  1. Interface gigabitethernet0/0/1  
  2. IP address 192.168.1.254 24  
  3. Interface serial1/0/0  
  4. IP address 200.10.10.2 24  
  5. Nat server protocol tcp global 202.10.10.1 www inside 192.168.1.1. 8080

<<:  How to solve VirtualBox bridged networking problems?

>>:  With this subnet division summary, I know all about subnet mask design~

Recommend

Technology trends 2024: The impact of AI, 5G, IoT and blockchain

As 2024 begins, many technology trends are taking...

#Has run away#Limewave: $2.7/month-2GB/20GB/5TB/Seattle data center

【Attention】This merchant has run away!!! Limewave...

5G network speed is not as fast as 4G. Is this a trick of the operators?

Do you often hear descriptions like “5G Internet ...

How will operators charge in the 5G era? IT leaders say...

2019 is the first year of 5G commercialization. S...

5G-enabled IoT use cases

The commercial use of 5G provides enterprises wit...

How practical is 5G for ordinary people?

5G has three main advantages over 4G: high speed,...

Do you know some new features of RocketMQ 5.0? Let me tell you.

In order to evolve towards cloud native and impro...

EtherNetservers: $14.95/year-1GB/40GB/1TB/Los Angeles & New Jersey data centers

EtherNetservers is a 10-year-old foreign hosting ...

5G networks and IoT: Research reveals cybersecurity risks

The researchers said the risks of 5G networks are...