网路地址转换NAT-PAT

sunyentzu
2 ℃
2020-01-25

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

14-1Copyright©1999,CiscoSystems,Inc.Chapter14ScalingIPAddresseswithNATandPAT14-2—BCRAN—ScalingIPAddresseswithNetworkAddressTranslationCopyright©1999,CiscoSystems,Inc.ObjectivesUponcompletionofthischapter,youwillbeabletoperformthefollowingtasks:•IdentifyhowNATandPATsolvethelimitedIPaddressproblemanddescribehowtheyoperate•ConfigureNATandPAT•VerifyNATandPAT14-3—BCRAN—ScalingIPAddresseswithNetworkAddressTranslationCopyright©1999,CiscoSystems,Inc.ChapterActivitiesWindows95PCModemBranchofficeISDN/analogSmallofficeCentralsiteFrameRelayFrameRelayservicePRIBRIBRIFrameRelayAsyncAAAserverAsyncSA10.1.1.1InsideLocalIPAddress10.1.1.1InsideGlobalIPAddress192.168.2.2NATtablePAT14-4—BCRAN—ScalingIPAddresseswithNetworkAddressTranslationCopyright©1999,CiscoSystems,Inc.WhyUseNAT?UseNATif:•YouneedtoconnecttotheInternetandyourhostsdonothavegloballyuniqueIPaddresses•YouchangeovertoanewISPthatrequiresyoutorenumberyournetwork•Twointranetswithduplicateaddressesmerge•YouwanttosupportbasicloadsharingOutside10.1.1.110.1.1.2InsideInternetNATborderrouterSA192.168.2.2SA10.1.1.114-5—BCRAN—ScalingIPAddresseswithNetworkAddressTranslationCopyright©1999,CiscoSystems,Inc.NATImplementationConsiderationsAdvantagesConserveslegallyregisteredaddressesReducesaddressoverlapoccurrenceIncreasesflexibilitywhenconnectingtoInternetEliminatesaddressrenumberingasnetworkchangesDisadvantagesTranslationintroducesswitchingpathdelaysLossofend-to-endIPtraceabilityCertainapplicationswillnotfunctionwithNATenabled14-6—BCRAN—ScalingIPAddresseswithNetworkAddressTranslationCopyright©1999,CiscoSystems,Inc.NATOverviewandTerminologyInternetInside10.1.1.1InsideLocalIPAddress10.1.1.210.1.1.1SimpleNATtableInsideGlobalIPAddress192.168.2.3192.168.2.210.1.1.2HostB172.20.7.3ACBABDSA10.1.1.1DA10.1.1.1SA192.168.2.2DA192.168.2.214-7—BCRAN—ScalingIPAddresseswithNetworkAddressTranslationCopyright©1999,CiscoSystems,Inc.NATOperationInsideLocalIPAddress10.1.1.110.1.1.2NATtableInsideGlobalIPAddress192.168.2.2192.168.2.3NATfunctions:•Translationinsidelocaladdresses•Overloadinginsideglobaladdresses•TCPloaddistribution•HandlingoverlappingnetworksInternetInside10.1.1.110.1.1.214-8—BCRAN—ScalingIPAddresseswithNetworkAddressTranslationCopyright©1999,CiscoSystems,Inc.TranslatingInsideLocalAddresses10.1.1.210.1.1.1192.168.2.3192.168.2.2NATtableInsideLocalIPAddressInsideGlobalIPAddress10.1.1.3192.168.2.4InternetInside10.1.1.110.1.1.2HostB172.20.7.313SA10.1.1.1DA10.1.1.1SA192.168.2.2DA192.168.2.210.1.1.210.1.1.345214-9—BCRAN—ScalingIPAddresseswithNetworkAddressTranslationCopyright©1999,CiscoSystems,Inc.OverloadingInsideGlobalAddresses10.1.1.2:172310.1.1.1:1024NATtable192.168.2.2:1723192.168.2.2:1024172.21.7.3:23172.20.7.3:23TCPTCP10.1.1.3:1723192.168.2.2:1492172.21.7.3:23TCPInternetInside10.1.1.1HostB172.20.7.313SA10.1.1.1DA10.1.1.1SA192.168.2.2DA192.168.2.210.1.1.210.1.1.3452HostC172.21.7.3DA192.168.2.24InsideGlobalIPAddress:PortOutsideGlobalIPAddress:PortProtocolInsideLocalIPAddress:Port10.1.1.114-10—BCRAN—ScalingIPAddresseswithNetworkAddressTranslationCopyright©1999,CiscoSystems,Inc.TCPLoadDistributionNATtableInsideGlobalIPAddress:Port10.1.1.127:8010.1.1.127:8010.1.1.127:80OutsideGlobalIPAddress:Port172.20.7.3:3058172.21.7.3:4371172.20.7.3:3062ProtocolTCPTCPTCPInsideLocalIPAddress:Port10.1.1.1:8010.1.1.2:8010.1.1.3:80InternetInside10.1.1.1HostB172.20.7.345SA10.1.1.1DA10.1.1.1SA10.1.1.127DA10.1.1.12710.1.1.210.1.1.1132HostC172.21.7.310.1.1.12710.1.1.3VirtualhostRealhosts14-11—BCRAN—ScalingIPAddresseswithNetworkAddressTranslationCopyright©1999,CiscoSystems,Inc.HandlingOverlappingNetworksInternet10.1.1.1DNSserverx.x.x.xHostC10.1.1.3InsideLocalIPAddress10.1.1.1InsideGlobalIPAddress192.2.2.2OutsideGlobalIPAddress10.1.1.3OutsideLocalIPAddress193.3.3.3NATtableDNSresponsefromx.x.x.x10.1.1.1messagetohostCSA=x.x.x.xDA=192.2.2.2C=10.1.1.3SA=192.2.2.2DA=10.1.1.310.1.1.1messagetohostCSA=10.1.1.1DA=193.3.3.3SA=x.x.x.xDA=10.1.1.1C=193.3.3.3DNSrequestforhostCaddressSA=10.1.1.1DA=x.x.x.x14-12—BCRAN—ScalingIPAddresseswithNetworkAddressTranslationCopyright©1999,CiscoSystems,Inc.StaticNATConfigurationExampleipnatinsidesourcestatic10.1.1.1192.168.2.2!interfaceEthernet0ipaddress10.1.1.10255.255.255.0ipnatinside!interfaceSerial0ipaddress172.16.2.1255.255.255.0ipnatoutside!Mapstheinsidelocaladdresstotheinsideglobaladdress.Thisinterfaceconnectedtotheoutsideworld.Thisinterfaceconnectedtotheinsidenetwork.14-13—BCRAN—ScalingIPAddresseswithNetworkAddressTranslationCopyright©1999,CiscoSystems,Inc.ipnatpooldyn-nat192.168.2.1192.168.2.254netmask255.255.255.0ipnatinsidesourcelist1pooldyn-nat!interfaceEthernet0ipaddress10.1.1.10255.255.255.0ipnatinside!interfaceSerial0ipaddress172.16.2.1255.255.255.0ipnatoutside!access-list1permit10.1.1.00.0.0.255!DynamicNATConfigurationTranslatebetweeninsidehostsaddressedfrom10.1.1.0/24tothegloballyunique192.168.2.0/24network.Thisinterfaceconnectedtotheoutsideworld.Thisinterfaceconnectedtotheinsidenetwork.14-14—BCRAN—ScalingIPAddresseswithNetworkAddressTranslationCopyright©1999,CiscoSystems,Inc