Network Address Translation by Jennifer Carroll, Jeff Doyle


Date: 28.05.2018

Example 4-4 Implementing Static NAT at Router Mazatlan in Figure 4-15


interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface Serial1
 no ip address
 encapsulation frame-relay
!
interface Serial1.705 point-to-point
 ip address 199.100.35.254 255.255.255.252
 ip nat outside
 frame-relay interface-dlci 705
!
router ospf 100
 network 10.1.1.1 0.0.0.0 area 0
 default-information originate
!
ip nat inside source static 10.1.2.2 204.15.87.2
ip nat inside source static 10.1.1.3 204.15.87.1
!
ip route 0.0.0.0 0.0.0.0 199.100.35.253
!

The router's E0 interface is designated as being on the inside with the ip nat inside command, and the Frame Relay subinterface S1.705 is designated as being on the outside with the ip nat outside command.

Next, the inside local addresses are mapped to inside global addresses with the ip nat inside source static commands. There are two of these commands, one for host C and one for host A. Example 4-5 shows the resulting NAT table.

Example 4-5 The IL Addresses of Hosts C and A Are Statically Translated into IG Addresses


Mazatlan#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 204.15.87.2        10.1.2.2           ---                ---
--- 204.15.87.1        10.1.1.3           ---                ---
Mazatlan#

When host A or C sends a packet to the outside, Mazatlan sees the source address in its NAT table and makes the appropriate translation. The router Acapulco has a route (in this case, a static route) to network 204.15.87.0 and has no knowledge of the 10.0.0.0 network. Therefore, Acapulco and host D can respond to packets from hosts A and C. If host B or router Veracruz sends a packet to host D, the packet is forwarded, but without any translation; when D responds to the untranslated IL address, Acapulco has no route and drops the packet, as demonstrated in Example 4-6.


Example 4-6 When Host D in Figure 4-15 Responds to the Untranslated IL Address of Host B, Acapulco Has No Route to 10.0.0.0 and Drops the Packet


Acapulco#debug ip icmp
ICMP packet debugging is on
Acapulco#
1d00h: ICMP: dst (10.1.1.4) host unreachable sent to 201.114.37.5
1d00h: ICMP: dst (10.1.1.4) host unreachable sent to 201.114.37.5
1d00h: ICMP: dst (10.1.1.4) host unreachable sent to 201.114.37.5
1d00h: ICMP: dst (10.1.1.4) host unreachable sent to 201.114.37.5
1d00h: ICMP: dst (10.1.1.4) host unreachable sent to 201.114.37.5

Outside global addresses can also be statically translated into outside local addresses. Suppose, for example, that the administrator of the inside network in Figure 4-15 wants host D to "appear" to be a part of the inside network—say, with an address of 10.1.3.1. Example 4-7 shows the NAT configuration for Mazatlan.

Example 4-7 Configuring Mazatlan to Statically Translate Outside Global Addresses to Outside Local Addresses


ip nat inside source static 10.1.1.3 204.15.87.1
ip nat inside source static 10.1.2.2 204.15.87.2
ip nat outside source static 201.114.37.5 10.1.3.1

The router's NAT configuration remains the same, except for the addition of the ip nat outside source static command, which in this case maps the OG address 201.114.37.5 to the OL address 10.1.3.1. Example 4-8 shows the resulting NAT table.


Example 4-8 An OG-to-OL Mapping Is Added to the NAT Table by the Additional Command at Mazatlan


Mazatlan#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 204.15.87.2        10.1.2.2           ---                ---
--- 204.15.87.1        10.1.1.3           ---                ---
--- ---                ---                10.1.3.1           201.114.37.5
Mazatlan#

Although this case study has involved only static mappings, some dynamic mapping occurs after traffic has passed between host A and host D, and between host C and host D, as illustrated by Example 4-9. In each case, the inside mappings are automatically mapped to the outside mappings.

Example 4-9 The Inside Addresses of Hosts A and C Have Been Automatically Mapped to the Outside Addresses of Host D


Mazatlan#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 204.15.87.2        10.1.2.2           ---                ---
--- 204.15.87.1        10.1.1.3           ---                ---
--- ---                ---                10.1.3.1           201.114.37.5
--- 204.15.87.1        10.1.1.3           10.1.3.1           201.114.37.5
--- 204.15.87.2        10.1.2.2           10.1.3.1           201.114.37.5
Mazatlan#



Figure 4-16 Host A Can Send Packets to Either the OL or OG Address of Host D

It is important to understand that this configuration does nothing to prevent a host on the inside from sending packets to host D's OG address rather than the OL address. In Figure 4-16, host A can successfully ping host D at either its OL address (10.1.3.1) or its OG address (201.114.37.5).

In fact, debugging output from host C in Example 4-10 reveals a bit more detail about the behavior of this network. Host C pings host D on its OG address, but the source address of the reply packets is host D's OL address. The ICMP Echo Request packet to destination 201.114.37.5 has passed through the NAT unchanged, but the ICMP Echo Reply packet, with a source address of 201.114.37.5, is translated by the NAT to the OL address.
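The translation behavior described in this case study, as an added example that is not from the book: a small Python model of Mazatlan's static NAT table, built from the ip nat ... source static lines in Examples 4-4 and 4-7. The function names are hypothetical, and the model assumes every packet crosses between the inside and outside interfaces; it is not IOS code.

```python
import ipaddress

# Static entries copied from Examples 4-4 and 4-7.
CONFIG = """\
ip nat inside source static 10.1.1.3 204.15.87.1
ip nat inside source static 10.1.2.2 204.15.87.2
ip nat outside source static 201.114.37.5 10.1.3.1
"""

def parse_static_nat(config):
    """Return (IL->IG, OG->OL) dicts from 'ip nat ... source static' lines."""
    inside, outside = {}, {}
    for line in config.splitlines():
        w = line.split()
        if len(w) != 7 or w[:2] != ["ip", "nat"] or w[3:5] != ["source", "static"]:
            continue
        first, second = (str(ipaddress.ip_address(a)) for a in w[5:])
        if w[2] == "inside":
            inside[first] = second      # inside local -> inside global
        elif w[2] == "outside":
            outside[first] = second     # outside global -> outside local
    return inside, outside

def inside_to_outside(src, dst, inside, outside):
    """Headers after a packet goes from the inside to the outside interface."""
    ol_to_og = {ol: og for og, ol in outside.items()}
    # Source IL -> IG and destination OL -> OG when mapped, else unchanged.
    return inside.get(src, src), ol_to_og.get(dst, dst)

def outside_to_inside(src, dst, inside, outside):
    """Headers after a packet goes from the outside to the inside interface."""
    ig_to_il = {ig: il for il, ig in inside.items()}
    # Source OG -> OL and destination IG -> IL when mapped, else unchanged.
    return outside.get(src, src), ig_to_il.get(dst, dst)

def leaves_untranslated(src, dst, inside, outside):
    """True if the packet exits with a private source address still in place."""
    out_src, _ = inside_to_outside(src, dst, inside, outside)
    return ipaddress.ip_address(out_src).is_private

if __name__ == "__main__":
    il_ig, og_ol = parse_static_nat(CONFIG)
    # Mapped host 10.1.2.2 pings host D's OG address; the reply comes back from the OL address.
    print(inside_to_outside("10.1.2.2", "201.114.37.5", il_ig, og_ol))
    print(outside_to_inside("201.114.37.5", "204.15.87.2", il_ig, og_ol))
    # Host B (10.1.1.4) has no static entry, so its source is forwarded unchanged.
    print(leaves_untranslated("10.1.1.4", "201.114.37.5", il_ig, og_ol))
```

Running leaves_untranslated over the inside hosts listed in an address plan shows which ones lack a static entry and would hit the failure in Example 4-6.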


