Monday, 23 November 2015

NAT

Let's make users able to reach the internet and make our server reachable from the internet.

A NAT setup consists of:
1. Access-list
2. Pool of public addresses
3.

A static NAT entry always exists; it is always on. It does not require the inside user to go to the internet first before the entry is created in the border router. So an outside user can ping the inside user at any time, without the inside user having to ping that outside user first.

A server always uses static NAT, not dynamic NAT, because the server must be reachable at any time without first having to ping some outside user itself.

Dynamic NAT, by contrast, is not always on. It requires the inside user to go to the internet first; only then is this type of entry created in the border router.

So we also need to define which router interface is inside and which is outside. This definition matters for both static NAT and dynamic NAT. The inside interface of NAT is usually

The outside interface of NAT is usually the interface that has the public address.

The static NAT command begins with ip nat inside source static and so on, while the dynamic NAT command begins with ip nat inside source list and so on.

Static NAT

All the information we need to configure static NAT is the private IP address that the server has and the public IP address that we want the private address translated/mapped to.
R2(config)#ip nat inside source static 192.168.20.254 209.165.202.131

Static NAT can also be used for port forwarding. For instance: I want to change the web server's port from 80 to 8080.
R2(config)#ip nat inside source static

The port forwarding options (tcp and udp) are available only in static NAT, as shown here:
R1(config)#ip nat inside source static ?
  A.B.C.D  Inside local IP address
  esp      IPSec-ESP (Tunnel mode) support
  network  Subnet translation
  tcp      Transmission Control Protocol
  udp      User Datagram Protocol

So static NAT works without an access-list; dynamic NAT requires one.

Dynamic NAT

Dynamic NAT requires a pool of public IP addresses, an access-list, and the definition of the outside interface and the inside interface.

Access-list

Dynamic NAT requires an access-list to define which IP addresses are permitted to be translated by NAT. IP addresses that are not included in that list will never be translated, so hosts that are not listed in the access-list cannot reach the internet until they are added to it.

The type of access-list we use is just a standard named ACL. We usually use a named ACL rather than a numbered ACL. Then we can reference this name from ....

Pool

To create the pool, we first exclude the public IP addresses that are already used for static NAT, and we use the mask with which the ISP gave us the block of public IP addresses, for example 255.255.255.252 if the ISP gave us 4 public IP addresses to use.

This pool also needs a name.
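Here is an added example, written for this post and not the post's own configuration, that models in Python the behaviour described in the Static NAT, Access-list and Pool sections: static entries that exist permanently, a port-forwarding entry, and dynamic entries that are created only when an inside host permitted by the access-list sends traffic out and a pool address is free. It also renders the equivalent IOS commands. The ACL name, pool name, interface names and the 192.168.10.0/24 inside network are assumed sample values; the server and public addresses reuse the post's 192.168.20.254 and 209.165.202.131.

```python
# Added example (not from the post): a small model of the NAT behaviour the post
# describes, plus a renderer for the matching IOS commands. ACL/pool/interface
# names and the 192.168.10.0/24 inside network are constructed sample values.
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network


def make_pool(start, end, exclude=()):
    """Public addresses start..end, minus any already taken by static NAT."""
    first, last = int(IPv4Address(start)), int(IPv4Address(end))
    used = {IPv4Address(a) for a in exclude}
    return [IPv4Address(i) for i in range(first, last + 1) if IPv4Address(i) not in used]


@dataclass
class NatRouter:
    acl: list                                          # standard ACL: permitted inside networks
    pool: list                                         # free public addresses for dynamic NAT
    static: dict = field(default_factory=dict)         # inside local -> inside global
    static_ports: dict = field(default_factory=dict)   # (proto, global, gport) -> (local, lport)
    dynamic: dict = field(default_factory=dict)        # inside local -> inside global

    def add_static(self, local, public):
        # ip nat inside source static <local> <global>
        self.static[IPv4Address(local)] = IPv4Address(public)

    def add_port_forward(self, proto, local, lport, public, gport):
        # ip nat inside source static tcp|udp <local> <lport> <global> <gport>
        self.static_ports[(proto, IPv4Address(public), gport)] = (IPv4Address(local), lport)

    def outbound(self, src):
        """Inside -> outside packet: translated source, or None if it stays untranslated."""
        src = IPv4Address(src)
        if src in self.static:
            return self.static[src]          # static entry: always present
        if src in self.dynamic:
            return self.dynamic[src]         # dynamic entry created by earlier traffic
        if not any(src in net for net in self.acl):
            return None                      # denied by the access-list: never translated
        if not self.pool:
            return None                      # pool exhausted: no address to hand out
        public = self.pool.pop(0)
        self.dynamic[src] = public           # entry exists only from this inside-initiated packet on
        return public

    def inbound(self, dst, proto=None, dport=None):
        """Outside -> inside packet: (inside host, port), or None when no entry matches."""
        dst = IPv4Address(dst)
        if (proto, dst, dport) in self.static_ports:
            return self.static_ports[(proto, dst, dport)]
        for table in (self.static, self.dynamic):
            for local, public in table.items():
                if public == dst:
                    return (local, dport)
        return None


def render_config(router, acl_name, pool_name, netmask, inside_if, outside_if):
    """IOS commands for the model. Call before traffic consumes the pool; the pool
    is rendered as first..last, so exclusions must leave a contiguous range."""
    lines = [f"ip access-list standard {acl_name}"]
    lines += [f" permit {n.network_address} {n.hostmask}" for n in router.acl]
    lines.append(f"ip nat pool {pool_name} {router.pool[0]} {router.pool[-1]} netmask {netmask}")
    lines.append(f"ip nat inside source list {acl_name} pool {pool_name}")
    lines += [f"ip nat inside source static {l} {g}" for l, g in router.static.items()]
    lines += [f"ip nat inside source static {p} {l} {lp} {g} {gp}"
              for (p, g, gp), (l, lp) in router.static_ports.items()]
    lines += [f"interface {inside_if}", " ip nat inside",
              f"interface {outside_if}", " ip nat outside"]
    return lines


def demo():
    """Walk through the post's claims; returns (config lines, observed results)."""
    r = NatRouter(acl=[IPv4Network("192.168.10.0/24")],
                  pool=make_pool("209.165.202.129", "209.165.202.131",
                                 exclude=["209.165.202.131"]))   # .131 is taken by static NAT
    r.add_static("192.168.20.254", "209.165.202.131")
    r.add_port_forward("tcp", "192.168.20.254", 80, "209.165.202.131", 8080)
    config = render_config(r, "NAT-INSIDE", "PUBLIC-POOL", "255.255.255.252",
                           "GigabitEthernet0/0", "Serial0/0/0")
    results = {
        # static: the server is reachable from outside before it ever sends anything
        "server_inbound_before_traffic": r.inbound("209.165.202.131"),
        "server_web_forward": r.inbound("209.165.202.131", "tcp", 8080),
        # dynamic: nothing to reach until the inside PC goes out first
        "pc_inbound_before_traffic": r.inbound("209.165.202.129"),
        "pc_outbound": r.outbound("192.168.10.10"),
        "pc_inbound_after_traffic": r.inbound("209.165.202.129"),
        "denied_host_outbound": r.outbound("192.168.30.5"),      # not permitted by the ACL
        "second_pc_outbound": r.outbound("192.168.10.11"),
        "third_pc_outbound": r.outbound("192.168.10.12"),        # the two-address pool is exhausted
    }
    return config, results


if __name__ == "__main__":
    cfg, res = demo()
    print("\n".join(cfg))
    for name, value in res.items():
        print(f"{name}: {value}")
```

The model leaves out two things a real router does: dynamic entries time out after idle time, so the window in which an outside host can reach a dynamically translated PC is temporary, and an IOS pool is a contiguous range, which is why the static address here sits at the end of the block and excluding it leaves 209.165.202.129 to 209.165.202.130.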
