Introduction
PAT (Port Address Translation) is an address translation technology that uses ports. It solves the problem of delivering return packets. Since the number of public ("white") IP addresses is limited, we need to conserve them, and PAT was created with this in mind. It allows local hosts to use private IP addresses while a single registered address is set on the access router. NAT relies on a feature of how TCP works: from the server's point of view, it makes no difference whether it holds connections with three different hosts at different addresses or with one host at the same IP address but on different ports. Consequently, to connect the many hosts of a small office to the Internet using only one registered public IP address, the PAT service translates the private addresses of the local hosts into that one registered address. To forward return packets to the correct local hosts, the router stores a table of IP addresses and port numbers for the TCP and UDP protocols. You can read about IP addresses and subnet masks in my other article.
Lab assignment
Create a simple network using PAT technology (overloaded NAT). The network diagram is presented below. All work will be done in Cisco Packet Tracer.
Laboratory work
1. Create 2 PCs, a server, a switch and 2 routers on the Packet Tracer work pane and connect all devices as shown in the figure.
2. On the switch, configure 2 VLANs so that the layout is as follows. If you do not know how to do this or what a VLAN is, see my last article.
3. On Router0, bring up subinterfaces on the port connected to the switch. We did all of this in the previous lab (the VLAN lab), so I will not dwell on this step in detail. Then ping the server from any PC.
4. Configure the routers. On router 1, set a public ("white") IP address on the port that is connected to router 0 with a crossover cable. For example, I took 120.120.53.1. On router 0, set an address from the same public range, but ending in 2, since this is the next device on the network (120.120.53.2). This simulates an Internet connection from a provider.
5. Check whether the Internet is reachable from any PC, that is, ping 120.120.53.1.
We cannot connect, as seen in the screenshot above.
6. Now we will configure PAT with an access list. This is needed so that we can later expand the network and connect several VLANs. Look at the diagram: the local network ends at Router0, and from there traffic goes out to the Internet on the public IP. Therefore this is where we will configure PAT. First we need to determine which interface will be outside for PAT and which will be inside. The outside interface is the one facing the Internet, and the inside interface is the one within the local network. In our case the outside interface is fa0/0, and there are two inside interfaces, since there are two departments (fa0/0.2 and fa0/0.3).
7. Configure Router0 to work with PAT. Based on step 6, we enter the following commands:
Router>en
Router#conf t
Router(config)#int fa0/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#int fa0/1.2
Router(config-subif)#ip nat inside
Router(config-subif)#exit
Router(config)#int fa0/1.3
Router(config-subif)#ip nat inside
Router(config-subif)#exit
Router(config)#end
Router#wr mem
8. Create an access list on this router so that the router "understands" which addresses it should translate.
Enter the following commands:
Router>en
Router#conf t
Router(config)#ip access-list standard HABRAHABR
Router(config-std-nacl)#permit 192.168.2.0 0.0.0.255
Router(config-std-nacl)#permit 192.168.3.0 0.0.0.255
Router(config-std-nacl)#end
9. You can check the result with the show run command. To start PAT, we need to enter one more command in configuration mode:
ip nat inside source list HABRAHABR int fa0/0 overload
Check the Internet connection.
And victory! Everything is working.
Now let's go through all the commands.
ip access-list standard HABRAHABR - create a standard access list named HABRAHABR
permit 192.168.2.0 0.0.0.255 - add a network address with its wildcard (inverse) mask
ip nat inside source list HABRAHABR int fa0/0 overload - translate the source addresses of packets coming from the inside that match the access list named HABRAHABR to the address of interface fa0/0. overload indicates the type of NAT, namely overloaded NAT, that is, PAT.
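The translation table described in the introduction and the access-list match from step 8, as an added Python sketch (it is not part of the original article and not Cisco's implementation). The host addresses, the Pat class and the port-allocation rule (keep the source port if it is free, otherwise take the next one) are assumptions made for illustration.

```python
import ipaddress

# Values from the lab: Router0's public address and the HABRAHABR ACL entries.
OUTSIDE_IP = "120.120.53.2"
ACL = [("192.168.2.0", "0.0.0.255"), ("192.168.3.0", "0.0.0.255")]


def acl_permits(src):
    """Standard ACL match: bits set in the wildcard mask are ignored."""
    s = int(ipaddress.IPv4Address(src))
    for net, wildcard in ACL:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if s & care == int(ipaddress.IPv4Address(net)) & care:
            return True
    return False  # implicit deny at the end of every ACL


class Pat:  # hypothetical model of an overloaded-NAT table
    def __init__(self):
        self.out = {}   # (proto, inside_ip, inside_port) -> outside_port
        self.back = {}  # (proto, outside_port) -> (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port):
        """Return the translated (ip, port), or None if the ACL does not match."""
        if not acl_permits(src_ip):
            return None
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = src_port  # assumed policy: keep the original port when free
            while (proto, port) in self.back:
                port = port + 1 if port < 65535 else 1024
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return OUTSIDE_IP, self.out[key]

    def inbound(self, proto, dst_port):
        """Map a reply back to the inside host; None means no entry, so drop."""
        return self.back.get((proto, dst_port))


def demo():
    pat = Pat()
    a = pat.outbound("tcp", "192.168.2.10", 1025)  # constructed host in VLAN 2
    b = pat.outbound("tcp", "192.168.3.10", 1025)  # same source port, VLAN 3
    c = pat.outbound("tcp", "192.168.4.10", 1025)  # subnet not in the ACL
    return a, b, c, pat.inbound("tcp", b[1]), pat.inbound("tcp", 4444)


if __name__ == "__main__":
    print(demo())
```

The last value returned by demo() is the case that matters for exposure: a packet arriving on the public address for a port with no table entry has nowhere to be forwarded, and a subnet missing from the access list is never translated at all.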