Above is a basic lab to demonstrate the use of Dynamic Network Address Translation (NAT). NAT was originally created to help extend the lifespan of the IPv4 address space, but it has found other uses in the form of security: networks now normally segregate their internal private networks from their public networks, and NAT is a perfectly good way to do that.
The first thing I want people who are just learning NAT to know is that it has a few different ways it can operate. In this article I will focus on only one method, but I will follow up with more articles explaining the other ways to implement NAT.
So how does NAT work? Well in its simplest form it takes one IP address and turns it into another! Like magic right??
No, not really. The magic is really the translation table, more commonly called the Xslate table for short. To demonstrate how it works, let's look at the diagram above. At the bottom you will see loopback interface 0 with IP address 10.1.1.1/24 assigned to it. If you do a source ping from that address to the loopback interface on R3, the source IP would normally remain the same all the way until it reaches its destination. But at R1 I have configured NAT to identify that IP address and told R1 to translate it to an available address from the NAT outside pool range of 10.20.1.1-10.20.1.254.
Let's take a look at how I accomplished that feat. Below is the config from R1.
hostname R1
!
interface FastEthernet0/0
ip address 10.100.1.2 255.255.255.252
ip nat outside <--- Tells the router where the outside boundary starts; this is where the translated IP addresses are sent out from to their destination.
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.10.1.2 255.255.255.252
ip nat inside <--- Tells the router where the inside boundary starts; this is where the traffic to be translated is sourced from and where the translation begins.
ip virtual-reassembly
duplex auto
speed auto
!
router ospf 1 <--- OSPF is running on all routers to establish basic routing between them.
log-adjacency-changes
no auto-cost
network 10.10.1.2 0.0.0.0 area 0
network 10.100.1.2 0.0.0.0 area 0
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
ip nat pool outside 10.20.1.1 10.20.1.254 prefix-length 24 <--- Here is where I created the pool of outside IP addresses that I want my internal addresses (10.1.1.0/24) to be translated to.
ip nat inside source list 1 pool outside <--- Here is how I told the router which IP addresses I want translated; the "list 1" statement points to access-list 1, which states the IP addresses I want translated to the outside pool of addresses.
!
access-list 1 permit 10.1.1.0 0.0.0.255 log <--- And finally the access-list 1 statement declaring the 10.1.1.0/24 network range that I want to be translated.
!
And that is that! The other 2 routers just need basic routing and IP address assignment!
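To make the translation mechanics concrete, here is a small Python model of the dynamic NAT that R1 is running. It is an added example, not code from the article and not Cisco IOS: the ACL, pool and addresses mirror the config above, the names Packet, make_packet and DynamicNat are my own, and the pool-exhaustion behaviour (a new inside host is dropped once all 254 pool addresses are borrowed, because dynamic NAT without overload is one-to-one) goes beyond what the article shows.

```python
"""Toy model of the dynamic NAT configured on R1 (added example, not the article's
code and not Cisco IOS).  Names such as Packet and DynamicNat are my own."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Optional, Tuple

# Mirrors the R1 config from the article:
#   access-list 1 permit 10.1.1.0 0.0.0.255
#   ip nat pool outside 10.20.1.1 10.20.1.254 prefix-length 24
#   ip nat inside source list 1 pool outside
ACL_1 = ["10.1.1.0/24"]
POOL_OUTSIDE = ("10.20.1.1", "10.20.1.254")


@dataclass(frozen=True)
class Packet:
    proto: str          # "icmp", "tcp" or "udp"
    src: IPv4Address    # source address as seen on the current segment
    dst: IPv4Address    # destination address
    ident: int          # ICMP identifier or L4 source port (the ':N' in the show output)


def make_packet(proto: str, src: str, dst: str, ident: int) -> Packet:
    return Packet(proto, IPv4Address(src), IPv4Address(dst), ident)


class DynamicNat:
    """One-to-one dynamic NAT: each permitted inside host borrows one pool address.

    Without 'overload' a pool address is tied to a single inside host, so the
    pool size caps how many inside hosts can be translated at the same time.
    """

    def __init__(self, acl: List[str], pool: Tuple[str, str]):
        self.acl = [IPv4Network(n) for n in acl]
        first, last = IPv4Address(pool[0]), IPv4Address(pool[1])
        self.free = [IPv4Address(a) for a in range(int(first), int(last) + 1)]
        self.host_map: Dict[IPv4Address, IPv4Address] = {}   # inside local -> inside global
        # (proto, inside global, ident) -> (inside local, outside address)
        self.xlate: Dict[Tuple[str, IPv4Address, int], Tuple[IPv4Address, IPv4Address]] = {}

    def acl_permits(self, src: IPv4Address) -> bool:
        return any(src in net for net in self.acl)

    def inside_to_outside(self, pkt: Packet) -> Optional[Packet]:
        """Packet arriving on the 'ip nat inside' interface, leaving via 'ip nat outside'.

        Returns the translated packet, the untouched packet when the ACL does not
        match (it is simply routed), or None when it is dropped for lack of a
        free pool address.
        """
        if not self.acl_permits(pkt.src):
            return pkt
        glob = self.host_map.get(pkt.src)
        if glob is None:
            if not self.free:
                return None             # pool exhausted: without overload there is nothing to lend
            glob = self.free.pop(0)     # lowest free address, hence 10.20.1.1 in the article
            self.host_map[pkt.src] = glob
        self.xlate[(pkt.proto, glob, pkt.ident)] = (pkt.src, pkt.dst)
        return Packet(pkt.proto, glob, pkt.dst, pkt.ident)

    def outside_to_inside(self, pkt: Packet) -> Optional[Packet]:
        """Reply arriving on the outside interface: only an existing entry lets it in."""
        entry = self.xlate.get((pkt.proto, pkt.dst, pkt.ident))
        if entry is None:
            return None                 # no translation for it: unsolicited, dropped
        inside_local, _ = entry
        return Packet(pkt.proto, pkt.src, inside_local, pkt.ident)

    def show_translations(self) -> str:
        """Render the table in the layout of 'show ip nat translations'."""
        rows = ["Pro  Inside global      Inside local       Outside local      Outside global"]
        for (proto, glob, ident), (local, dst) in self.xlate.items():
            cells = [f"{glob}:{ident}", f"{local}:{ident}", f"{dst}:{ident}", f"{dst}:{ident}"]
            rows.append(f"{proto:<5}" + "".join(f"{c:<19}" for c in cells).rstrip())
        return "\n".join(rows)


if __name__ == "__main__":
    r1 = DynamicNat(ACL_1, POOL_OUTSIDE)
    # The article's test: a ping sourced from the 10.1.1.1 loopback towards R3's loopback.
    print(r1.inside_to_outside(make_packet("icmp", "10.1.1.1", "10.200.1.1", 4)))
    print(r1.show_translations())
```

The reverse lookup in outside_to_inside is the security-relevant part: a packet from the outside that matches no existing entry has nowhere to go, which is why a plain dynamic NAT already hides inside hosts from unsolicited traffic even though it is not a firewall.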
To test this config all we need to do is ping from the R2 loopback interface to the R3 loopback interface, then go to R1 and run the 'sh ip nat trans' command at the exec level prompt, and we will see the translation record for that ping sequence.
Example:
R1#sh ip nat trans
Pro  Inside global      Inside local       Outside local      Outside global
icmp 10.20.1.1:4       10.1.1.1:4         10.200.1.1:4       10.200.1.1:4
The inside global is the address borrowed from the outside pool range, the inside local shows the source IP of the ping, the outside local is the destination, and so is the outside global (they are the same here because nothing is translating the outside address). The : and number you see after each IP is the sequence number the Xslate table uses to keep track of the session!
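The same table is what you would audit when checking that a router translates only what the policy intends. Below is an added Python example (not from the article) that parses 'sh ip nat trans' output into records and checks every entry against access-list 1 and pool outside. The sample text is constructed: its first line is the article's entry, its second tcp line is a deliberately out-of-policy entry so the audit has something to flag, and the function and constant names are my own.

```python
"""Parse 'show ip nat translations' output and audit it against the intended
NAT policy.  Added example; the SAMPLE text below is constructed, not captured."""
import re
from ipaddress import IPv4Address, IPv4Network
from typing import List, NamedTuple

# The policy from R1's config: access-list 1 and the /24 pool 'outside'.
ACL_1_NETS = [IPv4Network("10.1.1.0/24")]
POOL_NET = IPv4Network("10.20.1.0/24")

# One dynamic entry per line: Pro, then four address:id columns.
ENTRY_RE = re.compile(
    r"^(?P<pro>[a-z]+)\s+(?P<ig>[\d.]+):(?P<igid>\d+)\s+(?P<il>[\d.]+):(?P<ilid>\d+)"
    r"\s+(?P<ol>[\d.]+):(?P<olid>\d+)\s+(?P<og>[\d.]+):(?P<ogid>\d+)\s*$"
)


class Xlate(NamedTuple):
    proto: str
    inside_global: IPv4Address
    inside_local: IPv4Address
    outside_local: IPv4Address
    outside_global: IPv4Address
    ident: int  # the ':N' the article calls the sequence number


def parse_show_ip_nat_trans(text: str) -> List[Xlate]:
    """Turn the show output into Xlate records; header and prompt lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Xlate(m["pro"], IPv4Address(m["ig"]), IPv4Address(m["il"]),
                             IPv4Address(m["ol"]), IPv4Address(m["og"]), int(m["igid"])))
    return entries


def audit(entries: List[Xlate], acl_nets=ACL_1_NETS, pool_net=POOL_NET) -> List[str]:
    """Flag entries that disagree with the configured ACL and pool.

    An inside local outside the ACL, or an inside global outside the pool, means the
    running config no longer matches the policy this article describes.
    """
    findings = []
    for e in entries:
        if not any(e.inside_local in n for n in acl_nets):
            findings.append(f"{e.inside_local} translated but not permitted by access-list 1")
        if e.inside_global not in pool_net:
            findings.append(f"{e.inside_global} is not an address from pool outside ({pool_net})")
    return findings


# Constructed sample: line 1 is the article's ping entry, line 2 is out of policy.
SAMPLE = """R1#sh ip nat trans
Pro  Inside global      Inside local       Outside local      Outside global
icmp 10.20.1.1:4       10.1.1.1:4         10.200.1.1:4       10.200.1.1:4
tcp  10.20.1.7:1025    10.1.5.9:1025      10.200.1.1:23      10.200.1.1:23
"""

if __name__ == "__main__":
    for finding in audit(parse_show_ip_nat_trans(SAMPLE)):
        print("FINDING:", finding)
```

Running the audit on the live output at intervals (or on a saved copy of it) is a cheap way to notice when someone has widened the access-list or swapped the pool without the change going through review.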
Hopefully this has been helpful, and be sure to check out my other articles on the different types of NAT, including static and dynamic overload!!
Thanks for reading and please leave any comments or questions you may have about this article.