Difference between revisions of "NAT Cisco IOS"
m (→Overloading (Most used)) |
m (→Overloading example 1: Connection with fixed WAN IP Address) |
||
Line 46: | Line 46: | ||
description Outside: Internet connection to ISP | description Outside: Internet connection to ISP | ||
ip address 83.90.1.30 255.255.255.252 | ip address 83.90.1.30 255.255.255.252 | ||
+ | ip nat outside | ||
+ | ! | ||
+ | ip nat inside source list 38 interface FastEthernet0/1 overload | ||
+ | ! | ||
+ | access-list 38 permit 10.0.0.0 0.0.0.255 | ||
+ | </pre> | ||
+ | ==== Overloading example 2: Connection with floating WAN IP Address (DHCP) ==== | ||
+ | *Internal private network: 192.168.1.0/24 | ||
+ | *WAN Address: DHCP | ||
+ | <pre> | ||
+ | interface FastEthernet0/0 | ||
+ | description Inside. Internal LAN | ||
+ | ip address 192.168.1.1 255.255.255.0 | ||
+ | ip nat inside | ||
+ | ! | ||
+ | interface FastEthernet0/1 | ||
+ | description Outside: Internet connection to ISP | ||
+ | ip address dhcp | ||
ip nat outside | ip nat outside | ||
! | ! |
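Review bot: the added line "access-list 38 permit 10.0.0.0 0.0.0.255" that closes overloading example 1 does not match the inside LAN shown in this same change, where example 2 lists the internal network as 192.168.1.0/24 with "ip address 192.168.1.1 255.255.255.0". The rule "ip nat inside source list 38 interface FastEthernet0/1 overload" translates only sources that list 38 permits, so hosts on 192.168.1.0/24 would not be translated. Suggest "access-list 38 permit 192.168.1.0 0.0.0.255" in the examples that use this LAN.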
Revision as of 09:06, 7 March 2009
Network Address Translation
For an explanation of NAT, see Wikipedia's Network address translation article.
Cisco NAT
Static NAT
In static NAT, the internal IP address is always translated to the same external IP address, on a one-to-one basis.
Example of static NAT
In the example below, a company has acquired an Internet connection with four additional addresses 195.181.54.0/29.
- Connection Link address to internet 83.90.42.0/30
- ISP uses 83.90.42.2/30
- Company Router 83.90.42.1/30
- The network 195.181.54.0/29 is routed to 83.90.42.1 by the ISP
- 195.181.54.1/29 is a real IP address the company wants to use for its WEB-server
- The company's WEB-server is located on the internal private network on local IP address 192.168.22.110
- 195.181.54.2/29 is a real IP address the company wants to use for its MAIL-server
- The company's MAIL-server is located on the internal private network on local IP address 192.168.22.111
ip nat inside source static 192.168.22.110 195.181.54.1
ip nat inside source static 192.168.22.111 195.181.54.2
!
interface fastethernet 0/0
 description Connected to ISP (Outside)
 ip address 83.90.42.1 255.255.255.252
 ip nat outside
!
interface fastethernet 0/1
 description Local private LAN (Inside)
 ip address 192.168.22.1 255.255.255.0
 ip nat inside
Dynamic NAT
Overloading
Overloading is often used when you have a private internal LAN, for example 192.168.1.0/24, and connect to the Internet through an ISP that lends you a public IP address through DHCP, as with a small SOHO router.
Overloading example 1: Connection with fixed WAN IP Address
- Internal private network: 192.168.1.0/24
- Fixed WAN IP address: 83.90.1.30/30
interface FastEthernet0/0
 description Inside. Internal LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 description Outside: Internet connection to ISP
 ip address 83.90.1.30 255.255.255.252
 ip nat outside
!
! Translate sources permitted by list 38 to the address of FastEthernet0/1
ip nat inside source list 38 interface FastEthernet0/1 overload
!
! List 38 must match the inside LAN (192.168.1.0/24)
access-list 38 permit 192.168.1.0 0.0.0.255
Overloading example 2: Connection with floating WAN IP Address (DHCP)
- Internal private network: 192.168.1.0/24
- WAN Address: DHCP
interface FastEthernet0/0
 description Inside. Internal LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 description Outside: Internet connection to ISP
 ip address dhcp
 ip nat outside
!
! Translate sources permitted by list 38 to the address of FastEthernet0/1
ip nat inside source list 38 interface FastEthernet0/1 overload
!
! List 38 must match the inside LAN (192.168.1.0/24)
access-list 38 permit 192.168.1.0 0.0.0.255
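The overload rule translates only the sources that the referenced access list permits, so that list has to cover the subnet of every interface marked ip nat inside. The Python check below is an added example, not part of the original wiki page: it runs over a constructed config, its function names are hypothetical, and it assumes standard numbered ACLs with contiguous wildcard masks.

```python
import ipaddress
import re

# Constructed sample config (not from a real device): the inside LAN is
# 192.168.1.0/24, but ACL 38 permits a different network.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
!
ip nat inside source list 38 interface FastEthernet0/1 overload
!
access-list 38 permit 10.0.0.0 0.0.0.255
"""

def wildcard_net(addr, wildcard="0.0.0.0"):
    """Convert an ACL address plus contiguous wildcard mask to a network."""
    mask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard)))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit_nat_acl(config):
    """Return (interface, subnet, acl) for each inside subnet the NAT ACL misses."""
    ifaces, acls, nat_lists, cur = {}, {}, [], None
    for line in config.splitlines():
        words = line.split()
        if line.startswith("interface "):
            cur = ifaces.setdefault(words[1], {"net": None, "inside": False})
        elif cur is not None and words[:2] == ["ip", "address"] and len(words) == 4:
            # "ip address dhcp" has no static subnet and is skipped here.
            cur["net"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
        elif cur is not None and words == ["ip", "nat", "inside"]:
            cur["inside"] = True
        elif m := re.match(r"ip nat inside source list (\d+) ", line):
            nat_lists.append(m.group(1))
        elif m := re.match(r"access-list (\d+) permit ([\d.]+)(?: ([\d.]+))?\s*$", line):
            net = wildcard_net(m.group(2), m.group(3) or "0.0.0.0")
            acls.setdefault(m.group(1), []).append(net)
    # An undefined ACL permits nothing, so it is reported as a miss too.
    return [(name, str(i["net"]), acl) for acl in nat_lists
            for name, i in ifaces.items() if i["inside"] and i["net"]
            and not any(i["net"].subnet_of(p) for p in acls.get(acl, []))]

if __name__ == "__main__":
    for name, subnet, acl in audit_nat_acl(SAMPLE_CONFIG):
        print(f"{name}: inside subnet {subnet} is not permitted by access-list {acl}")
```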
Overlapping
Server load distribution - Load balancing between servers
You can use NAT pools to load balance between multiple IP addresses. Just remember that a NAT pool must consist of contiguous IP addresses.
Load balancing example
Load balancing between six WEB-servers to distribute the load among them.
In the real world, www.tekkom.dk would, for example, resolve to IP address 195.181.54.1, to which all users would connect.
In the figure below you see the company has six equal WEB-servers with the same content.
To load balance between several servers, you need to define a virtual IP address to which the users connect.
access-list 37 permit 195.181.54.1
See the full configuration below
ip nat pool WEB-SERVERS 192.168.22.9 192.168.22.14 netmask 255.255.255.0 type rotary
ip nat inside destination list 37 pool WEB-SERVERS
!
interface fastethernet 0/0
 description Connected to ISP (Outside)
 ip address 83.90.42.1 255.255.255.252
 ip nat outside
!
interface fastethernet 0/1
 description Local private LAN (Inside)
 ip address 192.168.22.1 255.255.255.0
 ip nat inside
!
access-list 37 permit 195.181.54.1