Difference between revisions of "NAT Cisco IOS"

From Teknologisk videncenter
m (Example of static NAT)
m (Overlapping)
Line 34: Line 34:
 
=== Overloading (Most used) ===
 
=== Overloading (Most used) ===
 
=== Overlapping ===
 
=== Overlapping ===
 +
=== Server load distribution - Load balancing between servers ===
 +
In the real World www.tekkom.dk would for example resolve to IP Address 195.181.54.1 to which all users would connect.<br/>
 +
In the figure below you see the '''company''' has six equal WEB-servers with the same content.
 +
[[Image:Nat cisco load balancing.png|400px|none|thumb|Load balance heavy user access to WEB-site between six WEB-servers]]
 +
To load balance between several servers, you need to define a virtual IP address to which the users connect.
 +
<pre>
 +
ip access-list 37 permit 195.181.54.1
 +
</pre>
 +
See the full configuration below
 +
<pre>
 +
ip nat pool WEB-SERVERS 192.168.22.9 192.168.22.14 prefix-length 29 type rotary
 +
ip nat inside destination list 37 pool WEB-SERVERS
 +
!
 +
interface fastethernet 0/0
 +
description Connected to ISP (Outside)
 +
ip address 83.90.42.1 255.255.255.252
 +
ip nat outside
 +
!
 +
interface fastethernet 0/1
 +
description Local private LAN (Inside)
 +
ip address 192.168.22.1 255.255.255.0
 +
ip nat inside
 +
!
 +
ip access-list 37 permit 195.181.54.1
 +
</pre>
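Review bot: in both added <pre> blocks the line "ip access-list 37 permit 195.181.54.1" mixes the named-ACL command with numbered-ACL syntax, and IOS will not accept it as written; use "access-list 37 permit 195.181.54.1" (or "ip access-list standard 37" followed by "permit 195.181.54.1"). Because "ip nat inside destination list 37 pool WEB-SERVERS" depends on this list to select which destination is translated, the full configuration would also read better with the list defined before the NAT statement, and the text should say that 195.181.54.1 is the virtual IP address the list matches.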

Revision as of 08:37, 7 March 2009

Network Address Translation

For an explanation of NAT, see Wikipedia's article on Network address translation.

Cisco NAT

Static NAT

In static NAT, the internal IP address is always translated to the same external IP address, on a one-to-one basis.

Example of static NAT

In the example below, a company has acquired an Internet connection with four additional addresses 195.181.54.0/29.

  • Link network to the Internet: 83.90.42.0/30
    • The ISP uses 83.90.42.2/30
    • The company router uses 83.90.42.1/30
  • The network 195.181.54.0/29 is routed to 83.90.42.1 by the ISP
  • 195.181.54.1/29 is a real IP address the company wants to use for its WEB-server
    • The company's WEB-server is located on the internal private network on local IP address 192.168.22.110
  • 195.181.54.2/29 is a real IP address the company wants to use for its MAIL-server
    • The company's MAIL-server is located on the internal private network on local IP address 192.168.22.111
Cisco Static NAT example
ip nat inside source static 192.168.22.110 195.181.54.1
ip nat inside source static 192.168.22.111 195.181.54.2
!
interface fastethernet 0/0
 description Connected to ISP (Outside)
 ip address 83.90.42.1 255.255.255.252
 ip nat outside
!
interface fastethernet 0/1
 description Local private LAN (Inside)
 ip address 192.168.22.1 255.255.255.0
 ip nat inside

Dynamic NAT

Overloading (Most used)

Overlapping

Server load distribution - Load balancing between servers

In the real world, www.tekkom.dk would, for example, resolve to the IP address 195.181.54.1, to which all users would connect.
In the figure below, the company has six equal WEB-servers with the same content.

Load balance heavy user access to WEB-site between six WEB-servers

To load balance between several servers, you need to define a virtual IP address to which the users connect.

access-list 37 permit 195.181.54.1

See the full configuration below

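! Rotary pool: the six real WEB-servers, 192.168.22.9 to 192.168.22.14
ip nat pool WEB-SERVERS 192.168.22.9 192.168.22.14 prefix-length 29 type rotary
! Translate the destination of traffic matching access list 37 to the pool
ip nat inside destination list 37 pool WEB-SERVERS
!
interface fastethernet 0/0
 description Connected to ISP (Outside)
 ip address 83.90.42.1 255.255.255.252
 ip nat outside
!
interface fastethernet 0/1
 description Local private LAN (Inside)
 ip address 192.168.22.1 255.255.255.0
 ip nat inside
!
! Access list 37 matches the virtual IP address the users connect to
access-list 37 permit 195.181.54.1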
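
A consistency check for the load distribution configuration above, as an added example that is not part of the original page. The function name check_rotary_nat and the sample text are constructed here, and the check assumes the access list is written in the numbered "access-list" form (it does not parse "ip access-list standard" blocks).

```python
import ipaddress
import re

# Constructed sample: the page's load distribution configuration.
# Assumption: the ACL uses the numbered "access-list N permit ..." form.
SAMPLE = """\
ip nat pool WEB-SERVERS 192.168.22.9 192.168.22.14 prefix-length 29 type rotary
ip nat inside destination list 37 pool WEB-SERVERS
interface fastethernet 0/0
 ip address 83.90.42.1 255.255.255.252
 ip nat outside
interface fastethernet 0/1
 ip address 192.168.22.1 255.255.255.0
 ip nat inside
access-list 37 permit 195.181.54.1
"""

POOL = re.compile(r"^ip nat pool (\S+) (\S+) (\S+) prefix-length (\d+)(.*)$", re.M)
DEST = re.compile(r"^ip nat inside destination list (\S+) pool (\S+)", re.M)
ACL = re.compile(r"^access-list (\d+) permit (\S+)", re.M)


def check_rotary_nat(config):
    """Return a list of problems found in a rotary NAT configuration."""
    problems, pools = [], {}
    for name, first, last, plen, rest in POOL.findall(config):
        net = ipaddress.ip_network(f"{first}/{plen}", strict=False)
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if not (lo <= hi and hi in net and lo != net.network_address
                and hi != net.broadcast_address):
            problems.append(f"pool {name}: {first}-{last} does not fit in {net}")
        pools[name] = "type rotary" in rest
    acls = {num for num, _ in ACL.findall(config)}
    for acl, pool in DEST.findall(config):
        if pool not in pools:
            problems.append(f"pool {pool} is not defined")
        elif not pools[pool]:
            problems.append(f"pool {pool} is not 'type rotary'")
        if acl not in acls:
            problems.append(f"access-list {acl} is not defined")
    for role in ("inside", "outside"):
        if not re.search(rf"^ +ip nat {role} *$", config, re.M):
            problems.append(f"no interface marked 'ip nat {role}'")
    return problems


if __name__ == "__main__":
    print(check_rotary_nat(SAMPLE) or "no problems found")
```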