
NAT Configuration Examples

The following sections show NAT configuration examples.

Dynamic Inside Source Translation Example

The following example translates the source address of every packet permitted by access list 1 (sources in 192.168.1.0/24) to an address from the pool named net-208. The pool contains addresses from 171.69.233.208 to 171.69.233.223.

ip nat pool net-208 171.69.233.208 171.69.233.223 netmask 255.255.255.240
ip nat inside source list 1 pool net-208
!
interface serial 0
 ip address 171.69.232.182 255.255.255.240
 ip nat outside
!
interface ethernet 0
 ip address 192.168.1.94 255.255.255.0
 ip nat inside
!
access-list 1 permit 192.168.1.0 0.0.0.255

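The following example uses route maps to choose the pool. Each route map matches access list 1 together with an outgoing interface, so matching packets are translated from provider1-space when they leave through Serial0/0 and from provider2-space when they leave through Serial0/1.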

ip nat pool provider1-space 171.69.232.1 171.69.232.254 prefix-length 24
ip nat pool provider2-space 131.108.43.1 131.108.43.254 prefix-length 24
ip nat inside source route-map provider1-map pool provider1-space
ip nat inside source route-map provider2-map pool provider2-space
!
interface Serial0/0
 ip nat outside
!
interface Serial0/1
 ip nat outside
!
route-map provider1-map permit 10
 match ip address 1
 match interface Serial0/0
!
route-map provider2-map permit 10
 match ip address 1
 match interface Serial0/1

Overloading Inside Global Addresses Example

The following example creates a pool of addresses named net-208. The pool contains addresses from 171.69.233.208 to 171.69.233.223. Access list 1 permits packets with a source address from 192.168.1.0 to 192.168.1.255. If no translation exists, packets matching access list 1 are translated to an address from the pool. Because of the overload keyword, the router allows multiple local addresses (192.168.1.0 to 192.168.1.255) to use the same global address. The router retains port numbers to differentiate the connections.

ip nat pool net-208 171.69.233.208 171.69.233.223 netmask 255.255.255.240
ip nat inside source list 1 pool net-208 overload
!
interface serial0
 ip address 171.69.232.182 255.255.255.240
 ip nat outside
!
interface ethernet0
 ip address 192.168.1.94 255.255.255.0
 ip nat inside
!
access-list 1 permit 192.168.1.0 0.0.0.255
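
The overload behaviour described above, as an added Python model (not part of the original page and not Cisco code). It uses the page's pool and access list; the class name, method names and the port search order after a collision are assumptions made for illustration.

```python
import ipaddress
from itertools import chain

# Values taken from the overload example above.
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")                     # access-list 1
POOL = [ipaddress.ip_address("171.69.233.208") + i for i in range(16)]  # pool net-208


class PatTable:
    """Simplified model of 'ip nat inside source list 1 pool net-208 overload'."""

    def __init__(self, pool=POOL, acl=INSIDE_NET):
        self.pool, self.acl = pool, acl
        self.out = {}   # (proto, inside local ip, port) -> (inside global ip, port)
        self.back = {}  # (proto, inside global ip, port) -> (inside local ip, port)

    def translate_outbound(self, proto, src_ip, src_port):
        src = ipaddress.ip_address(src_ip)
        if src not in self.acl:
            return None                    # not permitted by the ACL: not translated
        key = (proto, src, src_port)
        if key in self.out:
            return self.out[key]           # an existing translation is reused
        for glob in self.pool:             # share the first global address first
            # Keep the original source port when it is free; on a collision
            # search upward from 1024 (assumed order for this model).
            for port in chain([src_port], range(1024, 65536)):
                if (proto, glob, port) not in self.back:
                    self.out[key] = (glob, port)
                    self.back[(proto, glob, port)] = (src, src_port)
                    return glob, port
        raise RuntimeError("every address/port pair in the pool is in use")

    def translate_inbound(self, proto, dst_ip, dst_port):
        # Return traffic is mapped back only if an entry already exists;
        # unsolicited packets to a pool address find no entry.
        return self.back.get((proto, ipaddress.ip_address(dst_ip), dst_port))


if __name__ == "__main__":
    nat = PatTable()
    # Constructed sample flows: two inside hosts using the same source port.
    print(nat.translate_outbound("tcp", "192.168.1.10", 40000))
    print(nat.translate_outbound("tcp", "192.168.1.11", 40000))
    print(nat.translate_inbound("tcp", "171.69.233.208", 1024))
    print(nat.translate_inbound("tcp", "171.69.233.208", 443))
```

On a router, the corresponding live entries are listed by show ip nat translations.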

Translating Overlapping Address Example

In the following example, the addresses in the local network are being used legitimately by someone else on the Internet. An extra translation is required to access that external network. Pool net-10 is a pool of outside local IP addresses. The statement ip nat outside source list 1 pool net-10 translates the addresses of hosts from the outside overlapping network to addresses in that pool.

ip nat pool net-208 171.69.233.208 171.69.233.223 prefix-length 28
ip nat pool net-10 10.0.1.0 10.0.1.255 prefix-length 24
ip nat inside source list 1 pool net-208
ip nat outside source list 1 pool net-10
!
interface serial 0
 ip address 171.69.232.192 255.255.255.240
 ip nat outside
!
interface ethernet0
 ip address 192.168.1.94 255.255.255.0
 ip nat inside
!
access-list 1 permit 192.168.1.0 0.0.0.255
