Network Access Control-Network Address Translation

With the development of the Internet and the increase in network applications, the exhaustion of IPv4 addresses has become a bottleneck restricting network development. Although IPv6 can fundamentally solve the problem of insufficient IPv4 address space, many network devices and network applications are still based on IPv4. Therefore, before the widespread use of IPv6, the use of some transitional technologies is the main technical means to solve this problem.

Network address translation technology NAT (Network address Translation) is mainly used to enable hosts in the internal network to access the external network. When a host in a local area network needs to access the external network, its private network address can be converted into a public network address through NAT technology, and multiple private network users can share one public network address, which can ensure network interoperability and save public network addresses.

1. Application scenarios and types

1. NAT application scenarios

NAT Application Scenarios

The network used by enterprises or families is a private network that uses private addresses; the network maintained by operators is a public network that uses public addresses. Private addresses cannot be routed in the public network. NAT is generally deployed on gateway devices connecting to the intranet or the extranet.

2. Static NAT

Static NAT

• Static NAT implements a one-to-one mapping between private and public addresses.
• A public IP address is only assigned to a unique and fixed intranet host.

3. Dynamic NAT

Dynamic NAT

Dynamic NAT implements the conversion between private and public addresses based on the address pool.

4. NAPT

NAPT

Network Address Port Translation (NAPT) allows multiple internal addresses to be mapped to different ports of the same public address.

5. Easy IP

Easy IP

Easy IP allows multiple internal addresses to be mapped to different ports on the gateway's outbound interface address.

6. NAT Server

NAT Server

By configuring a NAT server, external users can access internal servers.

2. Basic Configuration

1. Static NAT configuration

On RTA:

 Interface gigabitethernet0/0/1  
 IP address 192.168.1.254 24  
 Interface gserial 1/0/0  
 IP address 200.10.10.2 24  
 Nat static global 202.10.10.1 inside 192.168.1.1  
 Nat static global 202.10.10.2 inside 192.168.1.2

2. Dynamic NAT configuration

On RTA:

 Nat address-group 1 200.10.10.1 200.10.10.2
 Acl 2000
 Rule 5 permit source 192.168.1.0 0.0.0.255
 Quit
 Interface serial 1/0/0
 Nat outbound 2000 address-group 1 no-pat

3. Easy ip configuration

On RTA:

 Acl 2000  
 Rule 5 permit source 192.168.1.0 0.0.0.255  
 Quit  
 Interface serial 1/0/0  
 Nat outbound 2000

4. NAT server configuration

On RTA:

 Interface gigabitethernet0/0/1  
 IP address 192.168.1.254 24  
 Interface serial1/0/0  
 IP address 200.10.10.2 24  
 Nat server protocol tcp global 202.10.10.1 www inside 192.168.1.1. 8080