Technical background

• legal IP Address resources are increasingly scarce
• Effectively hide internal hosts IP, It has a certain role in network security protection

NAT principle ： change IP baotou 、 Make destination address 、 The source address or two addresses are replaced by different addresses in the header

NAT classification ：

static state NAT： One to one address mapping

dynamic NAT： Pick from the address pool

NAT overload （PAT）： Allow internal address mapping to an external address

static state NAT

Two routers are respectively configured with default routes , The whole network is connected

1.PC0 Use the public address to access the Internet server  , stay R0 The upper configuration enables static address translation between internal local and external legal addresses

ip nat  inside soure static 192.168.10.1 76.12.16.139   # The former is the internal address , Followed by the external address to be mapped

Enable on internal and external ports NAT

int e0/0/0

ip nat inside

int f0/1

ip nat outside

show ip nat translations

2. Will be inside server HTTP Services are mapped to the public network IP PC Through the public network IP Internal access server

ip nat inside source static tcp 192.168.20.1 80 76.12.16.140 80

int f0/0

ip nat in

show ip nat translations

dynamic NAT

dynamic NAT Configuration steps

1. To configure ACL, Intranet range for address translation

access-list 1 permit 192.168.10.0 0.0.0.255

int f0/0

ip access-group in

2. Configure the translated address pool

ip nat pool  pool-1 76.12.16.139 76.12.16.141 netmask 255.255.255.248

3. Set up ACL Mapping relationship with address pool

ip nat inside source list 1 pool pool-1

4. Enable on internal and external ports NAT

int f0/0

ip nat inside

int f0/1

ip nat outside

show ip nat translation      # Check out the NAT Address translation address