Difference between revisions of "Cisco NAT"
From HackerNet
Helikopter (talk | contribs) (Created page with "==Basic NAT== interface [interface] ip nat inside interface [interface] ip nat outside ==Overload== ==Static NAT== ip nat inside source static [inside-address] [outsi...") |
Helikopter (talk | contribs) |
||
Line 1: | Line 1: | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
==Overload== | ==Overload== | ||
+ | access-list 10 permit [ip-address] [wildcard-mask] | ||
+ | ip nat inside source list 10 interface [outside-interface] overload | ||
+ | Verify | ||
+ | show ip nat translations | ||
==Static NAT== | ==Static NAT== | ||
− | ip nat inside source static | + | interface Gi0/1 |
+ | ip address 10.10.10.10 255.255.255.0 | ||
+ | ip nat outside | ||
+ | interface Gi0/2 | ||
+ | ip address 192.168.0.1 255.255.255.0 | ||
+ | ip nat inside | ||
+ | NAT | ||
+ | ip nat inside source static 192.168.0.20 10.10.10.20 | ||
+ | Verify | ||
+ | show ip nat translations | ||
+ | |||
+ | ==Dynamic NAT== | ||
+ | interface Gi0/1 | ||
+ | ip address 10.10.10.10 255.255.255.0 | ||
+ | ip nat outside | ||
+ | interface Gi0/2 | ||
+ | ip address 192.168.0.1 255.255.255.0 | ||
+ | ip nat inside | ||
+ | NAT | ||
+ | ip access-list standard CLIENT-LIST | ||
+ | permit 192.168.0.0 0.0.0.15 | ||
+ | ip nat pool DYNAMIC 10.10.10.15 10.10.10.19 prefix-length 29 | ||
+ | ip nat inside source list CLIENT-LIST pool DYNAMIC | ||
+ | Verify | ||
+ | show ip nat translations | ||
==Static PAT== | ==Static PAT== | ||
− | + | interface Gi0/1 | |
− | ip nat inside source | + | ip address 10.10.10.10 255.255.255.0 |
+ | ip nat outside | ||
+ | interface Gi0/2 | ||
+ | ip address 192.168.0.1 255.255.255.0 | ||
+ | ip nat inside | ||
+ | PAT | ||
+ | ip nat inside source static tcp 192.168.0.55 80 10.10.10.10 80 | ||
+ | Verify | ||
+ | show ip nat translations | ||
==Static NAT and IP Aliasing== | ==Static NAT and IP Aliasing== | ||
+ | Utan alias besvaras inte ARP-förfrågningar för den IP-adressen. | ||
+ | ip nat inside source static 192.168.0.20 10.10.10.20 no-alias | ||
+ | Verify | ||
+ | show ip alias | ||
==Static Policy NAT== | ==Static Policy NAT== | ||
Line 21: | Line 55: | ||
==Overlapping Subnets== | ==Overlapping Subnets== | ||
+ | Antingen får man NATa på båda sidorna eller bara ena. | ||
==TCP Load Distribution== | ==TCP Load Distribution== | ||
Line 38: | Line 73: | ||
Verify | Verify | ||
show ip alias | i dynamic | show ip alias | i dynamic | ||
− | |||
show ip nat statistics | show ip nat statistics | ||
show ip snat distributed | show ip snat distributed |
Revision as of 09:18, 25 April 2016
Contents
Overload
access-list 10 permit [ip-address] [wildcard-mask] ip nat inside source list 10 interface [outside-interface] overload
Verify
show ip nat translations
Static NAT
interface Gi0/1 ip address 10.10.10.10 255.255.255.0 ip nat outside interface Gi0/2 ip address 192.168.0.1 255.255.255.0 ip nat inside
NAT
ip nat inside source static 192.168.0.20 10.10.10.20
Verify
show ip nat translations
Dynamic NAT
interface Gi0/1 ip address 10.10.10.10 255.255.255.0 ip nat outside interface Gi0/2 ip address 192.168.0.1 255.255.255.0 ip nat inside
NAT
ip access-list standard CLIENT-LIST permit 192.168.0.0 0.0.0.15 ip nat pool DYNAMIC 10.10.10.15 10.10.10.19 prefix-length 29 ip nat inside source list CLIENT-LIST pool DYNAMIC
Verify
show ip nat translations
Static PAT
interface Gi0/1 ip address 10.10.10.10 255.255.255.0 ip nat outside interface Gi0/2 ip address 192.168.0.1 255.255.255.0 ip nat inside
PAT
ip nat inside source static tcp 192.168.0.55 80 10.10.10.10 80
Verify
show ip nat translations
Static NAT and IP Aliasing
Utan alias besvaras inte ARP-förfrågningar för den IP-adressen.
ip nat inside source static 192.168.0.20 10.10.10.20 no-alias
Verify
show ip alias
Static Policy NAT
Route Maps
Overlapping Subnets
Antingen får man NATa på båda sidorna eller bara ena.
TCP Load Distribution
HSRP
Primary/Backup
NVI
Default Interface
Reversible NAT
Static Extendable NAT
Verify
show ip alias | i dynamic show ip nat statistics show ip snat distributed show ip snat distributed verbose
Kolla om NAT funkar
telnet 1.1.1.1 /source lo0 who
Debug
debug ip nat