
NAT is defined in RFC 1631.

| Name | Location of Host Represented by Address | IP Address Space in Which Address Exists |
| Inside Local address | Inside the enterprise network | Part of the enterprise IP address space; typically a private IP address |
| Inside Global address | Inside the enterprise network | Part of the public IP address space |
| Outside Local address | In the public Internet; or, outside the enterprise network | Part of the enterprise IP address space; typically a private IP address |
| Outside Global address | In the public Internet; or, outside the enterprise network | Part of the public IP address space |

Connections:

R1-------s2/1-(outside)R2-(Inside)f0/1----------f0/0-R3

Example 1:

Using static NAT

R2(config)#
ip route 0.0.0.0 0.0.0.0 192.168.2.1

interface FastEthernet0/1
ip address 192.168.20.2 255.255.255.0
 ip nat inside

interface Serial2/1
ip address 192.168.2.2 255.255.255.0
 ip nat outside

ip nat inside source static 1.1.1.1 2.2.2.1

R3(config)#
ip route 0.0.0.0 0.0.0.0 192.168.20.2
interface FastEthernet0/0
ip address 192.168.20.1 255.255.255.0

interface Loopback11
ip address 1.1.1.1 255.255.255.255
interface Loopback14
ip address 1.1.1.4 255.255.255.255
interface Loopback15
ip address 1.1.1.5 255.255.255.255
interface Loopback16
ip address 1.1.1.6 255.255.255.255
interface Loopback17
ip address 1.1.1.7 255.255.255.255
interface Loopback18
ip address 1.1.1.8 255.255.255.255
interface Loopback19
ip address 1.1.1.9 255.255.255.255
interface Loopback20
ip address 1.1.1.10 255.255.255.255

R3#ping 192.168.10.1 so loop11

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/40/48 ms

R2#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
icmp 2.2.2.1:5         1.1.1.1:5          192.168.10.1:5     192.168.10.1:5

Example 2:

Using dynamic NAT

R2(config)#

!Identify the sources that use NAT
access-list 1 permit 1.1.1.4 0.0.0.3

!Create the IP pool
ip nat pool Pool1 2.2.2.4 2.2.2.7 prefix-length 30

ip nat inside source list 1 pool Pool1

R3#ping 192.168.10.1 so loop11

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/40/48 ms

R3#telnet 192.168.10.1 /source-interface loop15
Trying 192.168.10.1 ... Open

R2#sh ip nat statistics
Total active translations: 5 (1 static, 4 dynamic; 2 extended)
Outside interfaces:
Serial2/1
Inside interfaces:
FastEthernet0/1
Hits: 108  Misses: 0
CEF Translated packets: 104, CEF Punted packets: 2
Expired translations: 6
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool Pool1 refcount 4
 pool Pool1: netmask 255.255.255.252
        start 2.2.2.4 end 2.2.2.7
        type generic, total addresses 4, allocated 2 (50%), misses 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

R2#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 2.2.2.6:52716      1.1.1.5:52716      192.168.10.1:23    192.168.10.1:23
--- 2.2.2.6            1.1.1.5            ---                ---
icmp 2.2.2.5:2         1.1.1.6:2          192.168.10.1:2     192.168.10.1:2
--- 2.2.2.5            1.1.1.6            ---                ---
--- 2.2.2.1            1.1.1.1            ---                ---

Example 3:

Using NAT overload

!Overload through a pool

access-list 2 permit 1.1.1.8
ip nat pool Pool_GLOBAL 2.2.2.8 2.2.2.11 netmask 255.255.255.252
ip nat inside source list 2 pool Pool_GLOBAL overload

R3#telnet 192.168.10.1 /source-interface loop18

R2#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 2.2.2.1            1.1.1.1            ---                ---
tcp 2.2.2.10:39915     1.1.1.8:39915      192.168.10.1:23    192.168.10.1:23
tcp 192.168.2.2:19724  1.1.1.9:19724      192.168.10.1:23    192.168.10.1:23
tcp 192.168.2.2:51357  1.1.1.10:51357     192.168.10.1:23    192.168.10.1:23

Using NAT overload on the outside interface

!Identify the sources that use NAT
access-list 3 permit 1.1.1.9
access-list 3 permit 1.1.1.10

ip nat inside source list 3 interface Serial 2/1 overload

R3#telnet 192.168.10.1 /source-interface loop19
R3#telnet 192.168.10.1 /source-interface loop20

R2#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 2.2.2.1            1.1.1.1            ---                ---
tcp 2.2.2.10:39915     1.1.1.8:39915      192.168.10.1:23    192.168.10.1:23
tcp 192.168.2.2:19724  1.1.1.9:19724      192.168.10.1:23    192.168.10.1:23
tcp 192.168.2.2:51357  1.1.1.10:51357     192.168.10.1:23    192.168.10.1:23
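
When an outside log records only the translated source, the translation table is what ties that flow back to an inside host, and with overload the address alone is not enough. The Python below is an added example, not part of the original post: it parses the table shown above (embedded as a constructed sample) and resolves an inside global address and port to the inside local host; all function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample: the final "show ip nat translations" table from this page.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
--- 2.2.2.1            1.1.1.1            ---                ---
tcp 2.2.2.10:39915     1.1.1.8:39915      192.168.10.1:23    192.168.10.1:23
tcp 192.168.2.2:19724  1.1.1.9:19724      192.168.10.1:23    192.168.10.1:23
tcp 192.168.2.2:51357  1.1.1.10:51357     192.168.10.1:23    192.168.10.1:23
"""

def split_endpoint(field):
    """'2.2.2.10:39915' -> ('2.2.2.10', 39915); '2.2.2.1' -> ('2.2.2.1', None); '---' -> (None, None)."""
    if not field.strip("-"):
        return (None, None)
    ip, _, port = field.partition(":")
    return (ip, int(port) if port else None)

def parse_translations(text):
    """Parse the five-column table; the header (nine tokens) and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue
        keys = ("inside_global", "inside_local", "outside_local", "outside_global")
        entry = dict(zip(keys, map(split_endpoint, cols[1:])))
        entry["proto"] = cols[0] if cols[0].strip("-") else None  # None = simple (address-only) entry
        entries.append(entry)
    return entries

def attribute(entries, proto, global_ip, global_port):
    """Map a flow seen on the outside back to its inside local (ip, port), or None."""
    fallback = None
    for e in entries:
        gip, gport = e["inside_global"]
        if gip != global_ip:
            continue
        if e["proto"] is None:
            fallback = e["inside_local"]   # one-to-one NAT: the address alone identifies the host
        elif (e["proto"], gport) == (proto, global_port):
            return e["inside_local"]       # extended entry: protocol and port must match too
    return fallback

def shared_globals(entries):
    """Inside global addresses used by more than one inside host (overload/PAT)."""
    hosts = defaultdict(set)
    for e in entries:
        hosts[e["inside_global"][0]].add(e["inside_local"][0])
    return {g: h for g, h in hosts.items() if len(h) > 1}
```

Addresses reported by `shared_globals` are the ones for which a log must carry the source port, and the table must be captured before the entry expires, for attribution to be possible.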
