第13讲 Nat网络地址转换

第 13 讲 NAT 网络地址转换

NAT—— 网络地址翻译 ,[object Object],[object Object],[object Object]

[object Object],[object Object],[object Object]

Windows 98 PC Modem Branch office ISDN/analog Small office Central site Frame Relay PRI BRI BRI Frame Relay Async AAA server Async SA 10.1.1.1 166.1.1.1 SA Inside Local IP Address 10.1.1.1 Inside Global IP Address 166.1.1.1 NAT table PAT Frame Relay service

NAT 的优缺点 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

NAT 术语 Internet Inside 10.1.1.1 Inside Local IP Address 10.1.1.1 Simple NAT table Inside Global IP Address 166.1.1.1 10.1.1.2 Host B 172.20.7.3 A C B A B D SA 10.1.1.1 DA 10.1.1.1 SA 166.1.1.1 DA 166.1.1.1 D C

[object Object],[object Object],[object Object],[object Object]

NAT 功能 ,[object Object],[object Object],[object Object],Inside Local IP Address 10.1.1.1 10.1.1.2 NAT table Inside Global IP Address 196.168.2.2 196.168.2.3 Internet Inside 10.1.1.1 10.1.1.2

复用内部的全局地址 ,[object Object],[object Object],[object Object]

复用内部的全局地址 10.1.1.2:1723 10.1.1.1:1024 NAT table 196.168.2.2:1723 196.168.2.2:1024 TCP TCP 10.1.1.3:1492 196.168.2.2:1492 TCP Internet Inside 10.1.1.1 Host B 179.20.7.3 1 3 SA 10.1.1.1 DA 10.1.1.1 SA 196.168.2.2 DA 196.168.2.2 10.1.1.2 10.1.1.3 4 5 2 Host C 179.21.7.3 DA 196.168.2.2 4 Inside Global IP Address: Port Protocol Inside Local IP Address: Port 10.1.1.1

NAT 三种类型 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

NAT 表 10.1.1.10 10.1.1.2 Internet ,[object Object],10.1.1.10 179.9.1.50 179.9.1.50 10.1.1.10 全球 IP 本地 IP

NAT 表 10.0.0.3 10.0.0.2 Internet ,[object Object],10.0.0.2 179.9.8.80 179.9.8.81 10.0.0.3 179.9.8.80 10.0.0.2 全球 IP 本地 IP

NAT 表 10.1.1.10 10.0.0.2 Internet ,[object Object],10.0.0.3 179.9.8.80:1555 10.0.0.3:1555 179.9.8.80:1555 10.0.0.3:1555 179.9.8.80:1444 10.0.0.2:1444 全球 IP 本地 IP

NAT 静态映射实例 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

动态 NAT 的配置 ip nat pool dyn-nat 192.16.2.1 192.16.2.254 netmask 255.255.255.0 ip nat inside source list 1 pool dyn-nat ! interface Ethernet0 ip address 10.1.1.1 255.255.255.0 ip nat inside ! interface Serial0 ip address 192.16.2.1 255.255.255.0 ip nat outside ! access-list 1 permit 10.1.1.0 0.0.0.255 ! Translate between inside hosts addressed from 10.1.1.0/24 to the globally unique 192.16.2.0/24 network. This interface connected to the outside world. This interface connected to the inside network.

PAT 的配置 ( 一 ) ip nat pool ovrld-nat 192.16.2.1 192.16.2.2 netmask 255.255.255.0 ip nat inside source list 1 pool ovrld-nat overload ! interface Ethernet0/0 ip address 10.1.1.1 255.255.255.0 ip nat inside ! interface Serial0/0 ip address 192.16.2.1 255.255.255.0 ip nat outside ! access-list 1 permit 10.1.1.0 0.0.0.255

[object Object],[object Object]

PAT 的配置 ( 二 ) ip nat inside source list 1 int s0 overload ! interface Ethernet0/0 ip address 10.1.1.1 255.255.255.0 ip nat inside ! interface Serial0/0 ip address 192.16.2.1 255.255.255.0 ip nat outside ! access-list 1 permit 10.1.1.0 0.0.0.255

Verifying NAT Router#sh ip nat trans Pro Inside global Inside local Outside local Outside global tcp 192.2.2.1:11003 10.1.1.1:11003 172.16.2.2:23 172.16.2.2:23 tcp 192.2.2.1:1067 10.1.1.2:1067 172.16.2.3:23 172.16.2.3:23 A translation for a Telnet is still active. Two different inside hosts appear on the outside with a single IP address. Basic IP address translation Unique TCP port numbers are used to distinguish between hosts. Router# show ip nat trans Pro Inside global Inside local Outside local Outside global --- 192.2.2.1 10.1.1.1 --- --- --- 192.2.2.2 10.1.1.2 --- --- IP address translation with overloading

Troubleshooting NAT Router# debug ip nat NAT: s=10.1.1.1->192.16.2.1, d=172.166.2.2 [0] NAT*: s=172.166.2.2, d=192.16.2.1->10.1.1.1 [0] NAT: s=10.1.1.1->192.16.2.1, d=172.166.2.2 [1] NAT: s=10.1.1.1->192.16.2.1, d=172.166.2.2 [2] NAT: s=10.1.1.1->192.16.2.1, d=172.166.2.2 [3] NAT*: s=172.166.2.2, d=192.16.2.1->10.1.1.1 [1] NAT: s=10.1.1.1->192.16.2.1, d=172.166.2.2 [4] NAT: s=10.1.1.1->192.16.2.1, d=172.166.2.2 [5] NAT: s=10.1.1.1->192.16.2.1, d=172.166.2.2 [6] NAT*: s=172.166.2.2, d=192.16.2.1->10.1.1.1 [2] An example address translation inside-to-outside. A reply to the packet sent. An example TCP conversation, inside-to-outside. * Indicates translation was in the fast path.

Clearing NAT Translation Entries All entries are cleared. 192.16.2.2 is cleared. Router#sh ip nat trans Pro Inside global Inside local Outside local Outside global tcp 192.16.2.1:11003 10.1.1.1:11003 172.16.2.2:23 172.16.2.2:23 tcp 192.16.2.1:1067 10.1.1.2:1067 172.16.2.3:23 172.16.2.3:23 router# clear ip nat trans * router# router#show ip nat trans router# show ip nat trans Pro Inside global Inside local Outside local Outside global udp 192.16.2.2:1220 10.1.1.2:1120 171.69.2.132:53 171.69.2.132:53 tcp 192.16.2.1:11003 10.1.1.1:11003 172.16.2.2:23 172.16.2.2:23 tcp 192.16.2.1:1067 10.1.1.1:1067 172.16.2.3:23 172.16.2.3:23 router#clear ip nat trans udp inside 192.16.2.2 10.1.1.2 1220 171.69.2.132 53 171.69.2.132 53 router#show ip nat trans Pro Inside global Inside local Outside local Outside global tcp 192.16.2.1:11003 10.1.1.1:11003 172.16.2.2:23 172.16.2.2:23 tcp 192.16.2.1:1067 10.1.1.3:1067 172.16.2.3:23 172.16.2.3:23

第13讲 Nat网络地址转换

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (20)

Ähnlich wie 第13讲 Nat网络地址转换

Ähnlich wie 第13讲 Nat网络地址转换 (20)

Mehr von F.l. Yu

Mehr von F.l. Yu (10)

第13讲 Nat网络地址转换