Dynamic NAT(Network Address Translation)


Configuring Dynamic NAT
Router(config)#ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
- Use ip nat pool to define the range of global addresses that will be allocated.

Router(config)#access-list access-list-number permit source [source-wildcard]
- Use an ACL to define the range of inside local addresses to be translated.

Router(config)#ip nat inside source list access-list-number pool name
- The ip nat inside source list command ties the ACL number to the pool name.

- Outside <----outside----- Router -----inside-----> Inside


-----------------------------------------------------------------------------------------------------

Dynamic NAT configuration

Configure dynamic NAT so that hosts on the 10.1.1.0/24 network can reach the Internet.




Router 2 configuration

Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int fa 0/0
Router(config-if)#ip add 172.69.232.1 255.255.255.0
Router(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router(config-if)#exit
Router(config)#int fa 0/1
Router(config-if)#ip add 10.1.1.1 255.255.255.0
Router(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

- Dynamic NAT configuration -
Router(config-if)#ip nat pool bban 172.69.232.209 172.69.232.222 netmask 255.255.255.0
- The pool name is bban, and the global address range is 172.69.232.209 ~ 172.69.232.222.
Router(config)#access-list 1 permit 10.1.1.0 0.0.0.255
- Use an ACL (access list) to define the range of inside local addresses to be translated.
Router(config)#ip nat inside source list 1 pool bban
- Match the ACL number to the pool name.
Router(config)#int fa 0/1
Router(config-if)#ip nat inside  - interface 0/1 is the port connected to the inside network.
Router(config-if)#exit
Router(config)#int fa 0/0
Router(config-if)#ip nat outside  - interface 0/0 is the port connected to the outside network.
Router(config-if)#end
%SYS-5-CONFIG_I: Configured from console by console

-----------------------------------------------------------------------------------------------------

Router 3 configuration

Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int fa 0/0
Router(config-if)#ip add 172.69.232.2 255.255.255.0
Router(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

-----------------------------------------------------------------------------------------------------

PC1 configuration

Packet Tracer PC Command Line 1.0
PC>ping 172.69.232.1    - Check connectivity to Router 2
Pinging 172.69.232.1 with 32 bytes of data:

Request timed out.
Reply from 172.69.232.1: bytes=32 time=125ms TTL=255
Reply from 172.69.232.1: bytes=32 time=63ms TTL=255
Reply from 172.69.232.1: bytes=32 time=63ms TTL=255

Ping statistics for 172.69.232.1:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 63ms, Maximum = 125ms, Average = 83ms

PC>ping 172.69.232.2   - Check connectivity to Router 3 (before dynamic NAT is configured)
Pinging 172.69.232.2 with 32 bytes of data:

Request timed out.
Request timed out.
Reply from 172.69.232.2: bytes=32 time=94ms TTL=254
Reply from 172.69.232.2: bytes=32 time=94ms TTL=254

Ping statistics for 172.69.232.2:
    Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 94ms, Maximum = 94ms, Average = 94ms

PC>ping 172.69.232.2  - Check connectivity to Router 3 (after dynamic NAT is configured)
Pinging 172.69.232.2 with 32 bytes of data:

Reply from 172.69.232.2: bytes=32 time=94ms TTL=254
Reply from 172.69.232.2: bytes=32 time=93ms TTL=254
Reply from 172.69.232.2: bytes=32 time=94ms TTL=254
Reply from 172.69.232.2: bytes=32 time=78ms TTL=254

Ping statistics for 172.69.232.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 78ms, Maximum = 94ms, Average = 89ms

--------------------------------------------------------------

PC2 configuration

Packet Tracer PC Command Line 1.0
PC>ping 172.69.232.2  - Check connectivity to Router 3 (after dynamic NAT is configured)
Pinging 172.69.232.2 with 32 bytes of data:

Request timed out.
Reply from 172.69.232.2: bytes=32 time=94ms TTL=254
Reply from 172.69.232.2: bytes=32 time=94ms TTL=254
Reply from 172.69.232.2: bytes=32 time=93ms TTL=254

Ping statistics for 172.69.232.2:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 93ms, Maximum = 94ms, Average = 93ms

-------------------------------------------------------------

PC3 configuration

Packet Tracer PC Command Line 1.0
PC>ping 172.69.232.2  - Check connectivity to Router 3 (after dynamic NAT is configured)
Pinging 172.69.232.2 with 32 bytes of data:

Request timed out.
Reply from 172.69.232.2: bytes=32 time=78ms TTL=254
Reply from 172.69.232.2: bytes=32 time=94ms TTL=254
Reply from 172.69.232.2: bytes=32 time=94ms TTL=254

Ping statistics for 172.69.232.2:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 78ms, Maximum = 94ms, Average = 88ms

-----------------------------------------------------------------------------------------------------

Verifying the configuration - Router 2

Router#show ip nat translations                 - After PC 1 is added
Pro  Inside global     Inside local       Outside local      Outside global
---  172.69.232.209    10.1.1.2           ---                ---

Router#show ip nat translations                 - After PC 2 is added
Pro  Inside global     Inside local       Outside local      Outside global
---  172.69.232.209    10.1.1.2           ---                ---
---  172.69.232.210    10.1.1.3           ---                ---

Router#show ip nat translations                - After PC 3 is added
Pro  Inside global     Inside local       Outside local      Outside global
---  172.69.232.209    10.1.1.2           ---                ---
---  172.69.232.210    10.1.1.3           ---                ---
---  172.69.232.211    10.1.1.4           ---                ---

Router#debug ip nat
IP NAT debugging is on
Router#
NAT: s=10.1.1.2->172.69.232.209, d=172.69.232.2[3]
Router#
NAT*: s=172.69.232.2, d=172.69.232.209->10.1.1.2[3]
Router#
NAT: s=10.1.1.2->172.69.232.209, d=172.69.232.2[3]
Router#
NAT*: s=172.69.232.2, d=172.69.232.209->10.1.1.2[3]
Router#
NAT: s=10.1.1.2->172.69.232.209, d=172.69.232.2[3]
Router#
NAT*: s=172.69.232.2, d=172.69.232.209->10.1.1.2[3]
Router#
NAT: s=10.1.1.2->172.69.232.209, d=172.69.232.2[3]
Router#
NAT*: s=172.69.232.2, d=172.69.232.209->10.1.1.2[3]
Router#
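
As an added example (not part of the original post), the Python script below checks the show ip nat translations output above against pool bban and ACL 1 from the Router 2 configuration and reports how many pool addresses are still free. Each inside host in the table holds one pool address, so the 14-address pool bounds the number of hosts that can be translated at once. The function names parse_translations and audit are assumptions made for this example.

```python
import ipaddress
import re

# Values from the Router 2 configuration on this page.
POOL_START = ipaddress.ip_address("172.69.232.209")   # ip nat pool bban, first address
POOL_END = ipaddress.ip_address("172.69.232.222")     # ip nat pool bban, last address
# access-list 1 permit 10.1.1.0 0.0.0.255: the wildcard (host) mask equals /24
ACL_NET = ipaddress.ip_network("10.1.1.0/0.0.0.255")

# Output copied from the page (Router 2, after PC 3 is added).
SAMPLE = """\
Pro  Inside global     Inside local       Outside local      Outside global
---  172.69.232.209    10.1.1.2           ---                ---
---  172.69.232.210    10.1.1.3           ---                ---
---  172.69.232.211    10.1.1.4           ---                ---
"""

# Matches rows without port numbers (dynamic NAT without overload).
ROW = re.compile(r"^\S+\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s")


def parse_translations(text):
    """Return [(inside_global, inside_local)] from 'show ip nat translations'."""
    pairs = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            pairs.append(tuple(ipaddress.ip_address(a) for a in m.groups()))
    return pairs


def audit(text):
    """Check each translation against the pool and ACL; report pool usage."""
    pairs = parse_translations(text)
    findings = []
    for inside_global, inside_local in pairs:
        if not POOL_START <= inside_global <= POOL_END:
            findings.append(f"{inside_global}: inside global outside pool bban")
        if inside_local not in ACL_NET:
            findings.append(f"{inside_local}: inside local not permitted by ACL 1")
    in_pool = {g for g, _ in pairs if POOL_START <= g <= POOL_END}
    pool_size = int(POOL_END) - int(POOL_START) + 1
    return {"used": len(in_pool), "free": pool_size - len(in_pool), "findings": findings}


if __name__ == "__main__":
    print(audit(SAMPLE))
```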



