NAT network address translation

Catalog

Preface

One .NAT function

Two .ACL effect

3、 ... and .ACL working principle

Four . Application rules

5、 ... and . static state nat

6、 ... and . dynamic nat

  summary

Preface

NAT（Network Address Translation）, Refers to network address translation ,1994 Put forward in . When some hosts in the private network have been assigned to the local IP Address , But when you want to communicate with a host on the Internet , You can use NAT Method . This method needs to be installed on the router connected to the Internet NAT Software . In this way, all hosts using local addresses communicate with the outside world , All in NAT Router converts its local address to global address IP Address , To connect to the Internet .

One .NAT function

solve ip The problem of insufficient address , It can also effectively prevent external intrusion , Hide and protect the network .
advantage ： High safety , flexibility , Economize on public ownership ip
shortcoming ： Delay increases , Configuration and maintenance are complex

static state nat： One to one conversion between private network and public network , Do not save the public network , But it can hide the network .

dynamic nat： Multiple private networks ip Corresponding to multiple public networks ip, One to one mapping based on address pool

Two .ACL effect

1. Used for access control of data packets （ Discard or release ）
2. In combination with other agreements , Used to match the range

3、 ... and .ACL working principle

When a packet passes through the interface , Because the interface is enabled ACL, At this time, the router will check the message , Then make the corresponding treatment .

Four . Application rules

1. The same direction of an interface , Only one... Can be called ACL
2. One ACL There can be more than one rule The rules , According to the rules ID Sort from small to large , From top to bottom
3. Once a packet is rule matching , No more downward matching
4. When used for packet access control , By default, all devices are implicitly let go

5、 ... and . static state nat

undo t m
user-interface console 0
idle-timeout 0
q
int g0/0/0
ip add 192.168.10.1 24
int g0/0/1
ip add 13.0.0.1 24
nat static global 8.8.8.8 inside 192.168.10.1

6、 ... and . dynamic nat

undo t m
user-interface console 0
idle-timeout 0
q
int g0/0/0
ip add 192.168.10.1 24
int g0/0/1
ip add 13.0.0.1 24
nat address-group 1 13.0.0.10 13.0.0.20
acl 2000
rule permit source 192.168.10.0 0.0.0.255
rule permit source 13.0.0.0 0.0.0.255
int g0/0/1
nat outbound 2000 address-group 1 no-pat

7、 ... and .PAT（ Port multiplexing ）

natserver

undo t m
user-interface console 0
idle-timeout 0
q
int g0/0/0
ip add 192.168.10.1 24
int g0/0/1
ip add 13.0.0.1 24
int g0/0/0
nat server protocol tcp global current-interface 80 inside 192.168.10.100 80

  summary

NAT Network address translation

ACL Control the flow of packets