NETWORK ADDRESS TRANSLATION
packetlife.net
Example Topology
FastEthernet0    10.0.0.1/16         NAT Inside
FastEthernet1    174.143.212.1/22    NAT Outside
Address Classification
Inside Local     An actual address assigned to an inside host
Inside Global    An inside address seen from the outside
Outside Global   An actual address assigned to an outside host
Outside Local    An outside address seen from the inside
NAT Boundary Configuration
interface FastEthernet0
 ip address 10.0.0.1 255.255.0.0
 ip nat inside
!
interface FastEthernet1
 ip address 174.143.212.1 255.255.252.0
 ip nat outside
Perspective
           Local            Global
Inside     Inside Local     Inside Global
Outside    Outside Local    Outside Global
Static Source Translation
! One line per static translation
ip nat inside source static 10.0.0.19 192.0.2.1
ip nat inside source static 10.0.1.47 192.0.2.2
ip nat outside source static 174.143.212.133 10.0.0.47
ip nat outside source static 174.143.213.240 10.0.2.181
Terminology
NAT Pool
A pool of IP addresses to be used as inside global or outside local addresses in translations
Port Address Translation (PAT)
An extension to NAT that translates information at layer four and above, such as TCP and UDP port numbers; dynamic PAT configurations include the overload keyword
Dynamic Source Translation
! Create an access list to match inside local addresses
access-list 10 permit 10.0.0.0 0.0.255.255
!
! Create NAT pool of inside global addresses
ip nat pool MyPool 192.0.2.1 192.0.2.254 prefix-length 24
!
! Combine them with a translation rule
ip nat inside source list 10 pool MyPool
!
! Dynamic translations can be combined with static entries
ip nat inside source static 10.0.0.42 192.0.2.42
Extendable Translation
The extendable keyword must be appended when multiple overlapping static translations are configured
Special NAT Pool Types
Rotary        Used for load balancing
Match-Host    Preserves the host portion of the address after translation
Port Address Translation (PAT)
! Static layer four port translations
ip nat inside source static tcp 10.0.0.3 8080 192.0.2.1 80
ip nat inside source static udp 10.0.0.14 53 192.0.2.2 53
ip nat outside source static tcp 174.143.212.4 23 10.0.0.8 23
!
! Dynamic port translation with a pool
ip nat inside source list 11 pool MyPool overload
!
! Dynamic translation with interface overloading
ip nat inside source list 11 interface FastEthernet1 overload
Troubleshooting
show ip nat translations [verbose]
show ip nat statistics
clear ip nat translation *
NAT Translations Tuning
ip nat translation tcp-timeout <seconds>
ip nat translation udp-timeout <seconds>
ip nat translation max-entries <number>
Inside Destination Translation
! Create a rotary NAT pool
ip nat pool LoadBalServers 10.0.99.200 10.0.99.203 prefix-length 24 type rotary
!
! Enable load balancing across inside hosts for incoming traffic
ip nat inside destination list 12 pool LoadBalServers
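A static inside source translation makes an inside local host reachable at its inside global address, so those lines are the ones to review when auditing a NAT boundary. The script below is an added example, not part of the original cheat sheet: it parses static inside-source lines from a constructed sample config, lists the whole-host (all-port) mappings, and flags entries that would need the extendable keyword. The function names and the overlap rule (two entries sharing a local or a global endpoint) are assumptions of this example.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample: static entries in the cheat sheet's syntax, plus one
# hypothetical second mapping for 10.0.0.19 so the overlap check has a hit.
SAMPLE = """\
ip nat inside source static 10.0.0.19 192.0.2.1
ip nat inside source static 10.0.1.47 192.0.2.2
ip nat inside source static tcp 10.0.0.3 8080 192.0.2.3 80
ip nat inside source static 10.0.0.19 192.0.2.9
ip nat inside source list 10 pool MyPool
"""

STATIC = re.compile(
    r"^ip nat inside source static"
    r"(?: (?P<proto>tcp|udp) (?P<l1>\S+) (?P<lport>\d+) (?P<g1>\S+) (?P<gport>\d+)"
    r"| (?P<l2>\S+) (?P<g2>\S+))(?P<ext> extendable)?$")

def parse_static(config):
    """Return one dict per static inside-source translation; other lines are skipped."""
    entries = []
    for line in config.splitlines():
        m = STATIC.match(" ".join(line.split()))
        if m:
            entries.append({
                "proto": m["proto"] or "any",  # "any" = whole host, all ports
                "local": ip_address(m["l1"] or m["l2"]),
                "lport": int(m["lport"]) if m["lport"] else None,
                "global": ip_address(m["g1"] or m["g2"]),
                "gport": int(m["gport"]) if m["gport"] else None,
                "extendable": bool(m["ext"]),
            })
    return entries

def whole_host(entries):
    """(inside global, inside local) pairs that translate every port."""
    return [(str(e["global"]), str(e["local"])) for e in entries if e["proto"] == "any"]

def missing_extendable(entries):
    """Assumed overlap rule: two or more entries share a local or a global endpoint."""
    groups = defaultdict(list)
    for e in entries:
        groups["L", e["local"], e["proto"], e["lport"]].append(e)
        groups["G", e["global"], e["proto"], e["gport"]].append(e)
    hits = [e for g in groups.values() if len(g) > 1 for e in g if not e["extendable"]]
    return sorted({(str(e["local"]), str(e["global"])) for e in hits})

if __name__ == "__main__":
    print(whole_host(parse_static(SAMPLE)), missing_extendable(parse_static(SAMPLE)))
```

Whole-host entries deserve the closest look, since every port on the inside host is translated unless an access list on the outside interface narrows it.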
by Jeremy Stretch
v1.0