Difference between revisions of "Cisco NAT"

From HackerNet
(Created page with "==Basic NAT== interface [interface] ip nat inside interface [interface] ip nat outside ==Overload== ==Static NAT== ip nat inside source static [inside-address] [outsi...")
 
Line 1: Line 1:
==Basic NAT==
 
interface [interface]
 
  ip nat inside
 
interface [interface]
 
  ip nat outside
 
 
 
==Overload==
 
==Overload==
 +
access-list 10 permit [ip-address] [wildcard-mask]
 +
ip nat inside source list 10 interface [outside-interface] overload
 +
Verify
 +
show ip nat translations
  
 
==Static NAT==
 
==Static NAT==
  ip nat inside source static [inside-address] [outside-address]
+
interface Gi0/1
 +
  ip address 10.10.10.10 255.255.255.0
 +
  ip nat outside
 +
interface Gi0/2
 +
  ip address 192.168.0.1 255.255.255.0
 +
  ip nat inside
 +
NAT
 +
  ip nat inside source static 192.168.0.20 10.10.10.20
 +
Verify
 +
show ip nat translations
 +
 
 +
==Dynamic NAT==
 +
interface Gi0/1
 +
  ip address 10.10.10.10 255.255.255.0
 +
  ip nat outside
 +
interface Gi0/2
 +
  ip address 192.168.0.1 255.255.255.0
 +
  ip nat inside
 +
NAT
 +
ip access-list standard CLIENT-LIST
 +
  permit 192.168.0.0 0.0.0.15
 +
ip nat pool DYNAMIC 10.10.10.15 10.10.10.19 prefix-length 29
 +
ip nat inside source list CLIENT-LIST pool DYNAMIC
 +
Verify
 +
show ip nat translations
  
 
==Static PAT==
 
==Static PAT==
  access-list 1 permit [ip-address] [wildcard-mask]
+
  interface Gi0/1
  ip nat inside source list 1 interface [outside-interface] overload
+
  ip address 10.10.10.10 255.255.255.0
 +
  ip nat outside
 +
interface Gi0/2
 +
  ip address 192.168.0.1 255.255.255.0
 +
  ip nat inside
 +
PAT
 +
  ip nat inside source static tcp 192.168.0.55 80 10.10.10.10 80
 +
Verify
 +
show ip nat translations
  
 
==Static NAT and IP Aliasing==
 
==Static NAT and IP Aliasing==
 +
Utan alias besvaras inte ARP-förfrågningar för den IP-adressen.
 +
ip nat inside source static 192.168.0.20 10.10.10.20 no-alias
 +
Verify
 +
show ip alias
  
 
==Static Policy NAT==
 
==Static Policy NAT==
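Review bot: In the new Dynamic NAT section, the range in `ip nat pool DYNAMIC 10.10.10.15 10.10.10.19 prefix-length 29` does not fit in one /29. 10.10.10.15 is the last address of 10.10.10.8/29, and 10.10.10.16 to 10.10.10.19 belong to 10.10.10.16/29. Either pick a range inside a single /29 or use the prefix length that matches the 255.255.255.0 mask on Gi0/1. Separately, CLIENT-LIST permits 16 source addresses (`192.168.0.0 0.0.0.15`) while the pool holds five and the `ip nat inside source list CLIENT-LIST pool DYNAMIC` line has no `overload`, so the section should say what happens when the pool runs out.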
Line 21: Line 55:
  
 
==Overlapping Subnets==
 
==Overlapping Subnets==
 +
Antingen får man NATa på båda sidorna eller bara ena.
  
 
==TCP Load Distribution==
 
==TCP Load Distribution==
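Review bot: The sentence added under Overlapping Subnets has no configuration or Verify command to go with it, unlike the Static NAT, Dynamic NAT and Static PAT sections in this revision. Add a config block for at least one of the two cases it mentions (NAT on both sides, or on one side only) so the section can be used on its own.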
Line 38: Line 73:
 
Verify
 
Verify
 
  show ip alias | i dynamic
 
  show ip alias | i dynamic
show ip nat translations
 
 
  show ip nat statistics
 
  show ip nat statistics
 
  show ip snat distributed
 
  show ip snat distributed

Revision as of 09:18, 25 April 2016

Overload

access-list 10 permit [ip-address] [wildcard-mask]
ip nat inside source list 10 interface [outside-interface] overload

Verify

show ip nat translations

Static NAT

interface Gi0/1
 ip address 10.10.10.10 255.255.255.0
 ip nat outside
interface Gi0/2
 ip address 192.168.0.1 255.255.255.0
 ip nat inside

NAT

ip nat inside source static 192.168.0.20 10.10.10.20

Verify

show ip nat translations

Dynamic NAT

interface Gi0/1
 ip address 10.10.10.10 255.255.255.0
 ip nat outside
interface Gi0/2
 ip address 192.168.0.1 255.255.255.0
 ip nat inside

NAT

ip access-list standard CLIENT-LIST
 permit 192.168.0.0 0.0.0.15
ip nat pool DYNAMIC 10.10.10.15 10.10.10.19 prefix-length 29
ip nat inside source list CLIENT-LIST pool DYNAMIC

Verify

show ip nat translations
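
A sanity check for the Dynamic NAT lines above, as an added example that is not part of the original wiki page. The function name `check_dynamic_nat` and its parsing rules are assumptions made for this example; it only does address arithmetic on the config text and does not talk to a router.

```python
import ipaddress
import re

# Constructed input: the Dynamic NAT lines from this page.
CONFIG = """\
ip access-list standard CLIENT-LIST
 permit 192.168.0.0 0.0.0.15
ip nat pool DYNAMIC 10.10.10.15 10.10.10.19 prefix-length 29
ip nat inside source list CLIENT-LIST pool DYNAMIC
"""

def check_dynamic_nat(config):
    """Return a list of findings for the pool/ACL pair in `config` (hypothetical helper)."""
    findings = []
    pool = re.search(r"ip nat pool (\S+) (\S+) (\S+) prefix-length (\d+)", config)
    permit = re.search(r"^\s*permit (\S+) (\S+)\s*$", config, re.M)
    name, start, end, plen = pool.groups()
    start, end = ipaddress.ip_address(start), ipaddress.ip_address(end)
    # Subnet that the start address falls in at the configured prefix length.
    subnet = ipaddress.ip_network(f"{start}/{plen}", strict=False)
    if end not in subnet:
        findings.append(f"pool {name}: {start}-{end} does not fit in one /{plen} ({subnet})")
    for addr in (start, end):
        net = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
        if addr in (net.network_address, net.broadcast_address):
            findings.append(f"pool {name}: {addr} is the network or broadcast address of {net}")
    pool_size = int(end) - int(start) + 1
    # A wildcard mask with n set bits matches 2**n source addresses.
    inside = 2 ** bin(int(ipaddress.ip_address(permit.group(2)))).count("1")
    overload = re.search(rf"pool {re.escape(name)} overload", config) is not None
    if inside > pool_size and not overload:
        findings.append(f"{inside} inside addresses share {pool_size} pool addresses without overload")
    return findings

if __name__ == "__main__":
    for finding in check_dynamic_nat(CONFIG):
        print(finding)
```

Run against the lines as written, it reports three findings: the pool range crosses a /29 boundary, 10.10.10.15 is the broadcast address of 10.10.10.8/29, and 16 permitted inside addresses compete for five pool addresses with no `overload`.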

Static PAT

interface Gi0/1
 ip address 10.10.10.10 255.255.255.0
 ip nat outside
interface Gi0/2
 ip address 192.168.0.1 255.255.255.0
 ip nat inside

PAT

ip nat inside source static tcp 192.168.0.55 80 10.10.10.10 80

Verify

show ip nat translations

Static NAT and IP Aliasing

Without an alias, ARP requests for that IP address are not answered.

ip nat inside source static 192.168.0.20 10.10.10.20 no-alias

Verify

show ip alias

Static Policy NAT

Route Maps

Overlapping Subnets

You can NAT on both sides or on only one.

TCP Load Distribution

HSRP

Primary/Backup

NVI

Default Interface

Reversible NAT

Static Extendable NAT

Verify

show ip alias | i dynamic
show ip nat statistics
show ip snat distributed
show ip snat distributed verbose

Check whether NAT works

telnet 1.1.1.1 /source lo0
who

Debug

debug ip nat