《网路地址转换NAT-PAT.ppt》由会员分享,可在线阅读,更多相关《网路地址转换NAT-PAT.ppt(28页珍藏版)》请在三一办公上搜索。
1、Chapter 14Scaling IP Addresses with NAT and PAT,Objectives,Upon completion of this chapter,you will be able to perform the following tasks:Identify how NAT and PAT solve the limited IP address problem and describe how they operateConfigure NAT and PATVerify NAT and PAT,Chapter Activities,Windows 95
2、PC,Modem,Branch office,ISDN/analog,Small office,Central site,Frame Relay,PRI,BRI,BRI,Frame Relay,Async,AAA server,Async,SA,SA,Inside Local,IP Address,Inside Global IP,Address,NAT table,PAT,Why Use NAT?,Use NAT if:You need to connect to the Internet and your hosts do not have globally unique IP addre
3、ssesYou change over to a new ISP that requires you to renumber your networkTwo intranets with duplicate addresses merge You want to support basic load sharing,NAT Implementation Considerations,Advantages Conserves legally registered addressesReduces address overlap occurrenceIncreases flexibility wh
4、en connecting to InternetEliminates address renumbering as network changes,DisadvantagesTranslation introduces switching path delaysLoss of end-to-end IP traceabilityCertain applications will not function with NAT enabled,NAT Overview and Terminology,Internet,Inside,Inside Local IP,Address,Simple NA
5、T table,Inside Global,IP Address,Host B,A,C,B,A,B,D,SA,DA,SA,DA,NAT Operation,Inside Local,IP Address,NAT table,Inside Global,IP Address,NAT functions:Translation inside local addressesOverloading inside global addressesTCP load distributionHandling overlapping networks,Internet,Inside,Translating I
6、nside Local Addresses,NAT table,Inside Local IP Address,Inside Global,IP Address,Internet,Inside,Host B,1,3,SA,DA,SA,DA,4,5,2,Overloading Inside Global Addresses,10.1.1.2:1723,10.1.1.1:1024,NAT table,192.168.2.2:1723,192.168.2.2:1024,172.21.7.3:23,172.20.7.3:23,TCP,TCP,10.1.1.3:1723,192.168.2.2:1492
7、,172.21.7.3:23,TCP,Internet,Inside,Host B,1,3,SA,DA,SA,DA,4,5,2,Host C,DA,4,Inside Global IP,Address:Port,Outside Global,IP Address:Port,Protocol,Inside Local IP,Address:Port,TCP Load Distribution,NAT table,Inside Global IP,Address:Port,10.1.1.127:80,10.1.1.127:80,10.1.1.127:80,Outside Global,IP Add
8、ress:Port,172.20.7.3:3058,172.21.7.3:4371,172.20.7.3:3062,Protocol,TCP,TCP,TCP,Inside Local IP,Address:Port,10.1.1.1:80,10.1.1.2:80,10.1.1.3:80,Internet,Inside,Host B,4,5,SA,DA,SA,DA,1,3,2,Host C,Virtualhost,Realhosts,Handling Overlapping Networks,Internet,DNS ser,ver,Host C,Inside Local IP Address,
9、Inside Global IP Address,Outside Global IP Address,Outside Local IP Address,NAT table,DNS request for host C address,10.1.1.1 message to host C,10.1.1.1 message to host C,DNS request for host C address,Static NAT Configuration Example,ip nat!interface Ethernet0 ip ip nat inside!interface Serial0 ip
10、ip nat outside!,Maps the inside local address to the inside global address.,This interface connected to the outside world.,This interface connected to the inside network.,ip nat pool dyn-nat 192.168.2.1 192.168.2.254 netmaskip nat inside source list 1 pool dyn-nat!interface Ethernet0 ip ip nat insid
11、e!interface Serial0 ip ip nat outside!,Dynamic NAT Configuration,This interface connected to the outside world.,This interface connected to the inside network.,Configuring Inside Global Address Overloading,ip nat pool ovrld-natnetmaskip nat inside source list 1 pool ovrld-nat overload!interface Ethe
12、rnet0/0 ip ip nat inside!interface Serial0/0 ip ip nat outside!,Configuring TCP Load Distribution,ip nat pool real-hosts 10.1.1.1 10.1.1.126 prefix-length 24 type rotary ip nat inside destination list 2 pool real-hosts!interface serial0 ip address 192.168.1.129 255.255.255.224 ip nat outside!interfa
13、ce ethernet0 ip ip nat inside!,Configuring NAT to Translate Overlapping Addresses,ip nat pool net-2 192.2.2.1 192.2.2.254 prefix-length 24ip nat pool net-10 10.0.1.1 10.0.1.254 prefix-length 24 ip nat outside source list 1 pool net-2ip nat inside source list 1 pool net-10!interface Serial0 ip ip nat
14、 outside!interface Ethernet0 ip ip nat inside!,Router#sh ip nat transPro Inside global Inside local Outside local Outside globaltcp 192.168.2.1:11003 10.1.1.1:11003 172.16.2.2:23 172.16.2.2:23tcp 192.168.2.1:1067 10.1.1.1:1067 172.16.2.3:23 172.16.2.3:23,Verifying NAT,A translation for a Telnet is s
15、till active.Two different inside hosts appear on the outside with a single IP address.,Basic IP address translation,Unique TCP port numbers are used to distinguishbetween hosts.,Router#show ip nat transProInside globalInside localOutside local Outside global-192.2.2.110.1.1.1-192.2.2.210.1.1.2-,IP a
16、ddress translation with overloading,Router#debug ip natNAT:s=10.1.1.1-192.168.2.1,d=172.16.2.2 0NAT:s=172.16.2.2,d=192.168.2.1-10.1.1.1 0NAT:s=10.1.1.1-192.168.2.1,d=172.16.2.2 1NAT:s=10.1.1.1-192.168.2.1,d=172.16.2.2 2NAT:s=10.1.1.1-192.168.2.1,d=172.16.2.2 3NAT*:s=172.16.2.2,d=192.168.2.1-10.1.1.1
17、 1NAT:s=172.16.2.2,d=192.168.2.1-10.1.1.1 1NAT:s=10.1.1.1-192.168.2.1,d=172.16.2.2 4NAT:s=10.1.1.1-192.168.2.1,d=172.16.2.2 5NAT:s=10.1.1.1-192.168.2.1,d=172.16.2.2 6NAT*:s=172.16.2.2,d=192.168.2.1-10.1.1.1 2,Troubleshooting NAT,An example address translation inside-to-outside.,A reply to the packet
18、 sent.,An example TCP conversation,inside-to-outside.,*Indicates translation was in the fast path.,Clearing NAT Translation Entries,All entries are cleared.,192.168.2.2 is cleared.,Router#sh ip nat transPro Inside global Inside local Outside local Outside globaltcp 192.168.2.1:11003 10.1.1.1:11003 1
19、72.16.2.2:23 172.16.2.2:23tcp 192.168.2.1:1067 10.1.1.1:1067 172.16.2.3:23 172.16.2.3:23router#clear ip nat trans*router#router#show ip nat trans,router#show ip nat transPro Inside global Inside local Outside localOutside globaludp 192.168.2.2:1220 10.1.1.2:1120 171.69.2.132:53 171.69.2.132:53 tcp 1
20、92.168.2.1:1100310.1.1.1:11003 172.16.2.2:23 172.16.2.2:23tcp 192.168.2.1:1067 10.1.1.1:1067 172.16.2.3:23 172.16.2.3:23router#clear ip nat trans udp inside 192.168.2.2 1220 10.1.1.2 1120171.69.2.132 53 171.69.2.132 53 router#show ip nat transPro Inside global Inside local Outside localOutside globa
21、ltcp 192.168.2.1:11003 10.1.1.1:11003 172.16.2.2:23 172.16.2.2:23tcp 192.168.2.1:1067 10.1.1.1:1067 172.16.2.3:23 172.16.2.3:23,PAT Overview,Outside,Inside,Internet,Cisco IOSrouter,Outside,Inside,Internet,700router,PAT,NAT/PAT,PAT Overview(cont.),Enables hosts on private networks to communicate over
22、 public networksConserves IP addresses,Internet,Private network,PAT Porthandler Operation,Only packets destined for the server(by type)are allowed through,Access router,Telephonecompany,Cisco 700,FTP server,Incoming FTP,Configuring PAT,Cisco1,ISDN,FTP server,NT servermydomain,DHCP server,DHCP client
23、,SEt SYStem 7xx7XXSEt USer Cisco17xx:Cisco1SEt IP PAT ON7xx:Cisco1cd7xxSEt IP PAT POrt FTP 10.0.0.108,7xx,Monitoring PAT,7xx:Cisco1show ip patDropped-icmp 0,udp 0,tcp 0,map 0,frag 0Timeout-udp 5 minutes,tcp 30 minutesPort handlers no default:Port Handler Service-21 10.0.0.108 FTP23 Router TELNET67 R
24、outer DHCP Server68 Router DHCP Client69 Router TFTP80 Router HTTP161 Router SNMP162 Router SNMP-TRAP520 Router RIP,Laboratory Exercise:Visual Objective,Branch office,Cisco 3640,Cisco 1600,Central site,Frame Relay,Frame Relay,S3/1,S0,SA,NAT,Summary,After completing this chapter,you should be able to
25、 perform the following tasks:Identify how NAT and PAT solve the limited IP address problem and describe how they operateConfigure NAT and PATVerify NAT and PAT,Review Questions,What is the difference between a simple translation entry and an extended translation entry?State how each is used.Give one or more examples when NAT could be used.When viewing the output of the show ip nat translations command,how can you determine when an inside global address is being used for overloading inside global addresses?,Blank Page For IG pagination,
