Licenciado
Páginas: 27 (6554 palabras)
Publicado: 4 de noviembre de 2012
CHAPTER 23
Network Address Translation
This chapter provides information and commands concerning the following topics: • Private IP addresses: RFC 1918 • Configuring dynamic NAT: One private to one public address translation • Configuring Port Address Translation (PAT): Many private to one public address translation • Configuring static NAT: One private to one permanent public addresstranslation • Verifying NAT and PAT configurations • Troubleshooting NAT and PAT configurations • Configuration example: PAT
Private IP Addresses: RFC 1918
The following table lists the address ranges as specified in RFC 1918 that can be used by anyone as internal private addresses. These will be your “inside-the-LAN” addresses that will have to be translated into public addresses that can be routed acrossthe Internet. Any network is allowed to use these addresses; however, these addresses are not allowed to be routed onto the public Internet.
Private Addresses Class RFC 1918 Internal Address Range CIDR Prefix
A B C
10.0.0.0–10.255.255.255 172.16.0.0–172.31.255.255 192.168.0.0–192.168.255.255
10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
Configuring Dynamic NAT: One Private to One PublicAddress Translation
NOTE: For a complete configuration of NAT/PAT with a diagram for visual assistance, see the sample configuration at the end of this chapter.
222
Configuring Dynamic NAT: One Private to One Public Address Translation
Step 1: Define a static route on the remote router stating where the public addresses should be routed. Step 2: Define a pool of usable public IP addresses on yourrouter that will perform NAT.
i ISP(config)#ip route 64.64.64.64 255.255.255.128 s0/0/0
Informs the ISP router where to send packets with addresses destined for 64.64.64.64 255.255.255.128.
The private address will receive the first available public address in the pool.
i Corp(config)#ip nat pool scott 64.64.64.70 64.64.64.126 netmask 255.255.255.128
Defines the following: The name ofthe pool is scott. (The name of the pool can be anything.) The start of the pool is 64.64.64.70. The end of the pool is 64.64.64.126. The subnet mask is 255.255.255.128.
Step 3: Create an access control list (ACL) that will identify which private IP addresses will be translated. Step 4: Link the ACL to the pool of addresses (create the translation).
a Corp(config)#access-list 1 permit172.16.10.0 0.0.0.255
i Corp(config)#ip nat inside source list 1 pool scott
Defines the following: The source of the private addresses is from ACL 1. The pool of available public addresses is named scott.
Configuring PAT: Many Private to One Public Address Translation
223
Step 5: Define which interfaces are inside (contain the private addresses).
i Router(config)#interface fastethernet0/0 i Router(config-if)#ip nat inside
Moves to interface configuration mode. You can have more than one inside interface on a router. Addresses from each inside interface are then allowed to be translated into a public address. Returns to global configuration mode.
e Router(config-if)#exit
Step 6: Define the outside interface (the interface leading to the public network).
iRouter(config)#interface serial 0/0/0 i Router(config-if)#ip nat outside
Configuring PAT: Many Private to One Public Address Translation
All private addresses use a single public IP address and numerous port numbers for translation. Step 1: Define a static route on the remote router stating where public addresses should be routed.
i ISP(config)#ip route 64.64.64.64 255.255.255.128 s0/0
Informs the Internetservice provider (ISP) where to send packets with addresses destined for 64.64.64.64 255.255.255.128.
224
Configuring PAT: Many Private to One Public Address Translation
Step 2: Define a pool of usable public IP addresses on your router that will perform NAT (optional).
Use this step if you have many private addresses to translate. A single public IP address can handle thousands of...
Network Address Translation
This chapter provides information and commands concerning the following topics: • Private IP addresses: RFC 1918 • Configuring dynamic NAT: One private to one public address translation • Configuring Port Address Translation (PAT): Many private to one public address translation • Configuring static NAT: One private to one permanent public addresstranslation • Verifying NAT and PAT configurations • Troubleshooting NAT and PAT configurations • Configuration example: PAT
Private IP Addresses: RFC 1918
The following table lists the address ranges as specified in RFC 1918 that can be used by anyone as internal private addresses. These will be your “inside-the-LAN” addresses that will have to be translated into public addresses that can be routed acrossthe Internet. Any network is allowed to use these addresses; however, these addresses are not allowed to be routed onto the public Internet.
Private Addresses Class RFC 1918 Internal Address Range CIDR Prefix
A B C
10.0.0.0–10.255.255.255 172.16.0.0–172.31.255.255 192.168.0.0–192.168.255.255
10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
Configuring Dynamic NAT: One Private to One PublicAddress Translation
NOTE: For a complete configuration of NAT/PAT with a diagram for visual assistance, see the sample configuration at the end of this chapter.
222
Configuring Dynamic NAT: One Private to One Public Address Translation
Step 1: Define a static route on the remote router stating where the public addresses should be routed. Step 2: Define a pool of usable public IP addresses on yourrouter that will perform NAT.
i ISP(config)#ip route 64.64.64.64 255.255.255.128 s0/0/0
Informs the ISP router where to send packets with addresses destined for 64.64.64.64 255.255.255.128.
The private address will receive the first available public address in the pool.
i Corp(config)#ip nat pool scott 64.64.64.70 64.64.64.126 netmask 255.255.255.128
Defines the following: The name ofthe pool is scott. (The name of the pool can be anything.) The start of the pool is 64.64.64.70. The end of the pool is 64.64.64.126. The subnet mask is 255.255.255.128.
Step 3: Create an access control list (ACL) that will identify which private IP addresses will be translated. Step 4: Link the ACL to the pool of addresses (create the translation).
a Corp(config)#access-list 1 permit172.16.10.0 0.0.0.255
i Corp(config)#ip nat inside source list 1 pool scott
Defines the following: The source of the private addresses is from ACL 1. The pool of available public addresses is named scott.
Configuring PAT: Many Private to One Public Address Translation
223
Step 5: Define which interfaces are inside (contain the private addresses).
i Router(config)#interface fastethernet0/0 i Router(config-if)#ip nat inside
Moves to interface configuration mode. You can have more than one inside interface on a router. Addresses from each inside interface are then allowed to be translated into a public address. Returns to global configuration mode.
e Router(config-if)#exit
Step 6: Define the outside interface (the interface leading to the public network).
iRouter(config)#interface serial 0/0/0 i Router(config-if)#ip nat outside
Configuring PAT: Many Private to One Public Address Translation
All private addresses use a single public IP address and numerous port numbers for translation. Step 1: Define a static route on the remote router stating where public addresses should be routed.
i ISP(config)#ip route 64.64.64.64 255.255.255.128 s0/0
Informs the Internetservice provider (ISP) where to send packets with addresses destined for 64.64.64.64 255.255.255.128.
224
Configuring PAT: Many Private to One Public Address Translation
Step 2: Define a pool of usable public IP addresses on your router that will perform NAT (optional).
Use this step if you have many private addresses to translate. A single public IP address can handle thousands of...
Leer documento completo
Regístrate para leer el documento completo.