
What is NAT and how it works - episode 2 REPRINT

Latest reply: Jun 5, 2019 00:30:31

Authorized reprint by author zhushigeng (Vinsoney)


3. NAT Deployment on Routers


3.1 Static NAT Mapping

093636o2dh5lrt7jqquhhq.png

 

In the preceding figure, the OR is an egress router that connects the intranet PC to the Internet. The intranet PC needs to access the Internet, so static one-to-one IP mapping is configured on the OR: the public IP address 200.1.1.100 is assigned to the intranet PC, whose private IP address is 192.168.1.1.

The configuration of the OR router is as follows (the configuration of interface IP addresses is not provided):

[OR] interface GigabitEthernet0/0/1

 [OR-GigabitEthernet0/0/1] nat static global 200.1.1.100 inside 192.168.1.1

 

[OR] ip route-static 0.0.0.0 0.0.0.0 200.1.1.2

In the preceding configuration, the nat static global 200.1.1.100 inside 192.168.1.1 command configures static NAT mapping between the private IP address 192.168.1.1 and the public IP address 200.1.1.100. When the OR sends a packet whose source IP address is 192.168.1.1 through GE 0/0/1, it converts the source IP address to 200.1.1.100. Conversely, when a packet whose destination IP address is 200.1.1.100 reaches GE 0/0/1 on the OR, the OR converts the destination IP address to 192.168.1.1.


3.2 No-PAT Based on Dynamic Address Pools


093636iufuxsxes2oeex2k.png

 

In the preceding figure, the OR is an egress router that connects the intranet PC to the Internet. Users on the intranet 192.168.1.0/24 need to access the Internet. The public IP address range assigned by a carrier is 200.1.1.100 through 200.1.1.116. No-PAT based on dynamic address pools is configured so that intranet users can access the Internet.

The configuration of the OR router is as follows (the configuration of interface IP addresses is not provided):

# Configure a NAT address pool whose ID is 1 and whose public IP address range is 200.1.1.100 through 200.1.1.116.

[OR] nat address-group 1 200.1.1.100 200.1.1.116

 

# Configure an ACL numbered 2000 to match packets within the internal network segment 192.168.1.0/24 so that the packets are processed by NAT.

[OR] acl 2000

[OR-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.255

 

# Configure address pool-based no-PAT on the interface connected to the external network, and bind the ACL numbered 2000 to NAT address pool 1.

[OR] interface GigabitEthernet0/0/1

[OR-GigabitEthernet0/0/1] nat outbound 2000 address-group 1 no-pat

 

[OR] ip route-static 0.0.0.0 0.0.0.0 200.1.1.2


3.3 NAPT Based on Dynamic Address Pools


093637d3dfc68gf870qb63.png

 

In the preceding figure, the OR is an egress router that connects the intranet PC to the Internet. Users on the network segment 192.168.1.0/24 of the intranet need to access the Internet. The public IP address range assigned by a carrier is 200.1.1.100 through 200.1.1.105. NAPT based on address pools is configured so that intranet users can access the Internet.

The configuration of the OR egress router is as follows (the configuration of interface IP addresses is not provided):

[OR] nat address-group 1 200.1.1.100 200.1.1.105

 

[OR] acl 2000

[OR-acl-basic-2000] rule 5 permit source 192.168.1.0 0.0.0.255

 

[OR] interface GigabitEthernet0/0/1

[OR-GigabitEthernet0/0/1] nat outbound 2000 address-group 1

 

[OR] ip route-static 0.0.0.0 0.0.0.0 200.1.1.2

For source IP address translation, the NAPT configuration differs from the no-PAT configuration only in the nat outbound command, which omits the no-pat keyword. NAPT is more often used to map multiple private IP addresses to one public IP address.


3.4 NAT Internal Server


093637ffzxn91az1nbv9dz.png

 

In the preceding figure, the OR is an egress router that connects an intranet server to the Internet. A web server whose IP address is 192.168.1.100 is located on the intranet, and its TCP port 80 needs to provide services to the Internet. The public IP address obtained from a carrier is 200.1.1.30. The NAT internal server function is configured on the OR so that Internet users reach 192.168.1.100:80 by sending requests to 200.1.1.30:8080.

The configuration of the OR router is as follows (the configuration of interface IP addresses is not provided):

[OR] interface GigabitEthernet0/0/1

[OR-GigabitEthernet0/0/1] nat server protocol tcp global 200.1.1.30 8080 inside 192.168.1.100 80

 

[OR] ip route-static 0.0.0.0 0.0.0.0 200.1.1.2

 

Learn more: what is NAT and how it works episode 1 REPRINT


Learn more: what is NAT and how it works episode 3 REPRINT
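The following Python sketch is an added example, not part of the original post and not Huawei tooling: it parses the OR command lines from sections 3.1 to 3.4 and reports which inside endpoints each rule makes reachable from the Internet, and how the no-PAT and NAPT pools compare with the number of hosts the ACL permits. The function names are hypothetical, and the parser assumes only the command forms shown above and a contiguous wildcard mask.

```python
import ipaddress
import re

# Constructed input: the OR command lines from sections 3.1-3.4 above.
STATIC_NAT = "[OR-GigabitEthernet0/0/1] nat static global 200.1.1.100 inside 192.168.1.1"
NAT_SERVER = ("[OR-GigabitEthernet0/0/1] nat server protocol tcp "
              "global 200.1.1.30 8080 inside 192.168.1.100 80")
NO_PAT = """[OR] nat address-group 1 200.1.1.100 200.1.1.116
[OR] acl 2000
[OR-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[OR-GigabitEthernet0/0/1] nat outbound 2000 address-group 1 no-pat"""
NAPT = """[OR] nat address-group 1 200.1.1.100 200.1.1.105
[OR] acl 2000
[OR-acl-basic-2000] rule 5 permit source 192.168.1.0 0.0.0.255
[OR-GigabitEthernet0/0/1] nat outbound 2000 address-group 1"""

def inbound_exposure(config):
    """Inside endpoints reachable from outside: (proto, global, gport, inside, iport)."""
    found = []
    for line in config.splitlines():
        if m := re.search(r"nat static global (\S+) inside (\S+)", line):
            # One-to-one IP mapping: every protocol and port is translated inbound.
            found.append(("any", m[1], "any", m[2], "any"))
        elif m := re.search(
                r"nat server protocol (\S+) global (\S+) (\d+) inside (\S+) (\d+)", line):
            # Only this protocol and port pair is translated inbound.
            found.append((m[1], m[2], int(m[3]), m[4], int(m[5])))
    return found

def outbound_rules(config):
    """Each 'nat outbound' rule as (mode, pool_addresses, inside_hosts)."""
    pools, acls, acl, rules = {}, {}, None, []
    for line in config.splitlines():
        if m := re.search(r"nat address-group (\d+) (\S+) (\S+)", line):
            lo, hi = (int(ipaddress.IPv4Address(a)) for a in (m[2], m[3]))
            pools[m[1]] = hi - lo + 1
        elif m := re.search(r"\] acl (\d+)\s*$", line):
            acl = m[1]
        elif m := re.search(r"rule (?:\d+ )?permit source \S+ (\S+)", line):
            # Assumes a contiguous wildcard mask; drop network and broadcast.
            acls[acl] = int(ipaddress.IPv4Address(m[1])) - 1
        elif m := re.search(r"nat outbound (\d+) address-group (\d+)( no-pat)?", line):
            rules.append(("no-pat" if m[3] else "napt", pools[m[2]], acls[m[1]]))
    return rules

def no_pat_shortfall(config):
    """Inside hosts that cannot hold a pool address at once under no-PAT rules."""
    return sum(max(hosts - pool, 0)
               for mode, pool, hosts in outbound_rules(config) if mode == "no-pat")
```

For the configurations above, the static mapping is reported as exposing every protocol and port of 192.168.1.1, the NAT server rule as exposing only TCP 200.1.1.30:8080 to 192.168.1.100:80, and the no-PAT pool of 17 addresses as 237 short of the 254 hosts the ACL permits.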



Juan_Tintor
Created Jun 5, 2019 00:30:31

Hi,
I need some help with the configuration of NAPT on my AR2200 series router. I need to translate IPs from one VLAN to one public IP. In summary, I need to do NAPT for this case:

VLAN 11 (128.0.8.0/23) private net -> 266.13.59.2/28 public IP

Is it possible to do this with the CLI commands?

Thanks!