Use this feature to translate your own IP addresses into globally
unique IP addresses when communicating outside of your network. You
can configure static or dynamic inside source translation as follows:
·Static translation establishes a one-to-one mapping between your inside
local address and an inside global address. Static translation is useful
when a host on the inside must be accessible by a fixed address from
the outside.
·Dynamic translation establishes a mapping between an inside local address
and a pool of global addresses.
NAT Inside Source Translation
The following process describes inside source address translation:
1. The user at Host 1.1.1.1 opens a connection to Host B.
2. The first packet that the router receives from Host 1.1.1.1 causes
the router to check its NAT table.
·If a static translation entry was configured, the router goes to Step
3.
·If no translation entry exists, the router determines that source address
(SA) 1.1.1.1 must be translated dynamically, selects a legal, global
address from the dynamic address pool, and creates a translation entry.
This type of entry is called a simple entry.
3. The router replaces the inside local source address of Host 1.1.1.1
with the translation entry's global address, and forwards the packet.
4. Host B receives the packet and responds to Host 1.1.1.1 by using
the inside global IP destination address (DA) 2.2.2.2.
5. When the router receives the packet with the inside global IP address,
it performs a NAT table lookup by using the inside global address as
a key. It then translates the address to the inside local address of
Host 1.1.1.1 and forwards the packet to Host 1.1.1.1.
6. Host 1.1.1.1 receives the packet and continues the conversation.
The router performs Steps 2 through 5 for each packet.
Configure Static Translation
Configure as follows:
1.ip nat inside source static local-ip global-ip
Establish static translation between an inside local address and an
inside global address.
2.interface type number
Specify the inside interface.
3.ip nat inside
Mark the interface as connected to the inside.
4.interface type number
Specify the outside interface.
5. ip nat outside
Mark the interface as connected to the outside.
Configure Dynamic Translation
Configure as follows:
1.ip nat pool name start-ip end-ip {netmask netmask | prefix-length
prefix-length}
Define a pool of global addresses to be allocated as needed.
2.access-list access-list-number permit source [source-wildcard]
Define a standard access list permitting those addresses that are to
be translated.
3.ip nat inside source list access-list-number pool name
Establish dynamic source translation, specifying the access list defined
in the prior step.
4.interface type number
Specify the inside interface.
5.ip nat inside
Mark the interface as connected to the inside.
6.interface type number
Specify the outside interface.
7.ip nat outside
Mark the interface as connected to the outside.
A specific configuration example follows:
Router A Configuration
ip nat pool routerA 199.57.10.5 199.57.10.10 netmask 255.255.255.0
access-list 1 permit 192.168.10.0 0.0.0.255
ip nat inside source list 1 pool routerA
!
interface serial0
ip add 199.57.10.1 255.255.255.0
ip nat outside
!
interface ethernet 0
ip add 192.168.10.1 255.255.255.0
ip nat inside
!
Router B Configuration
ip nat inside source static 192.168.12.5 198.45.10.5
!
interface serial0
ip add 198.45.10.1 255.255.255.0
ip nat outside
!
interface ethernet 0
ip add 192.168.12.1 255.255.255.0
ip nat inside
Monitor and Maintain NAT
1.clear ip nat translation *
Clear all dynamic address translation entries from the NAT translation
table.
2.clear ip nat translation inside global-ip local-ip [outside local-ip
global-ip]
Clear a simple dynamic translation entry containing an inside translation,
or both inside and outside translation.
3.clear ip nat translation outside local-ip global-ip
Clear a simple dynamic translation entry containing an outside translation.
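The translation steps, the access-list match and the effect of clearing dynamic entries can be traced with a small model. This is an added example, not Cisco code and not part of the original page; the class and function names are hypothetical, and Router A's pool and access list are combined with Router B's static pair in one table only to show both entry types.

```python
import ipaddress

IP = ipaddress.IPv4Address

class InsideSourceNat:
    """Toy model of the inside source translation steps; not IOS code."""

    def __init__(self, pool_start, pool_end, acl_net, acl_wildcard, static=None):
        self.free = [IP(i) for i in range(int(IP(pool_start)), int(IP(pool_end)) + 1)]
        self.care = ~int(IP(acl_wildcard)) & 0xFFFFFFFF    # wildcard 1-bits are ignored
        self.acl_net = int(IP(acl_net)) & self.care
        self.static = {IP(l): IP(g) for l, g in (static or {}).items()}
        self.dynamic = {}                                   # inside local -> inside global

    def outbound(self, src):
        """Steps 2-3: translated source address, or None if no entry can be made."""
        local = IP(src)
        if local in self.static:                            # static entry: go to Step 3
            return str(self.static[local])
        if local not in self.dynamic:
            if (int(local) & self.care) != self.acl_net or not self.free:
                return None                                 # not in the list, or pool empty
            self.dynamic[local] = self.free.pop(0)          # new "simple entry"
        return str(self.dynamic[local])

    def inbound(self, dst):
        """Step 5: inside global is the lookup key; None means no entry exists."""
        glob = IP(dst)
        for table in (self.static, self.dynamic):
            for local, mapped in table.items():
                if mapped == glob:
                    return str(local)
        return None

    def clear_dynamic(self):
        """Model of 'clear ip nat translation *': static entries survive."""
        self.free = sorted(self.free + list(self.dynamic.values()))
        self.dynamic.clear()

def demo():
    # Constructed setup: pool and access list from Router A, static pair from Router B.
    nat = InsideSourceNat("199.57.10.5", "199.57.10.10", "192.168.10.0", "0.0.0.255",
                          static={"192.168.12.5": "198.45.10.5"})
    hosts = [f"192.168.10.{n}" for n in range(11, 18)]      # 7 hosts, 6 pool addresses
    return nat, [nat.outbound(h) for h in hosts]
```

In the model, the seventh inside host gets no translation because the six-address pool is used up, and the static pair answers an inbound lookup without any prior outbound packet, which is why a statically translated host needs its own inbound filtering.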